
Thread: Win32.Agent.adb won't disappear

  1. #1

    Hi,
    My Spybot has detected a trojan called Win32.Agent.adb. Even though Spybot corrected it, the trojan appeared again after I did the second scan.
    I think this trojan might be the one responsible for this ---» ´´~~ and ^^ (duplication of accent marks)... :s

    Could you please help me with this issue?

    Thank you for your time and help! =)

    Here is the DDS report:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by User at 9:00:04 on 2012-05-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.2070.18.8096.5598 [GMT 1:00]
    .
    AV: G Data InternetSecurity 2011 *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
    C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
    C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\ASUS.SYS\SIONExportService.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
    C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.pt/
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: G Data WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [AdobeBridge]
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
    mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    TCP: DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
    TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF} : DhcpNameServer = 213.13.175.65 212.55.154.174 212.55.154.190
    TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\079647164616 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\4586F6D637F6E6244423446383 : DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\56465727F616D6 : DhcpNameServer = 193.137.16.65 193.137.16.145 193.137.16.75
    TCP: Interfaces\{6C69B304-E3A8-4A52-BFDB-01262BE32BDF}\C464D265F646 : DhcpNameServer = 192.168.25.2
    TCP: Interfaces\{94A59F7C-B91E-44A0-8A1B-28CABCA82446} : DhcpNameServer = 192.168.25.2
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    {0124123D-61B4-456f-AF86-78C53A0790C5}
    {53707962-6F74-2D53-2644-206D7942484F}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {0124123D-61B4-456f-AF86-78C53A0790C5}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
    mRun-x64: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
    R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-7-8 88704]
    R2 AVKProxy;Proxy do G Data AntiVírus;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-8-10 1072200]
    R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2010-8-10 410696]
    R2 AVKWCtl;G Data Sentinela do sistema de ficheiros;C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2010-3-15 1778336]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-12 1997416]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-3 1153368]
    R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-10 338208]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-27 378472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-12 2655768]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
    R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2010-4-16 1666096]
    R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
    R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-4-22 339016]
    R3 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Serviço Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-16 253088]
    S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Serviço Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-05-03 17:25:48 -------- d-----w- C:\Program Files\CCleaner
    2012-05-03 17:25:31 -------- d-----w- C:\Users\User\AppData\Local\Google
    2012-05-03 13:26:33 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
    2012-05-03 13:26:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2012-05-03 13:26:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-03 13:26:28 22104 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-03 13:26:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-03 13:06:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-05-03 13:06:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-05-03 11:30:05 -------- d-----w- C:\Users\User\AppData\Local\G DATA
    2012-05-02 20:55:03 -------- d-----w- C:\Users\User\AppData\Local\Windows Live
    2012-05-02 20:54:45 -------- d-----w- C:\Users\User\AppData\Local\{FCE76A81-D966-4E2A-BEDE-21970D98B724}
    2012-05-02 08:06:30 16200 ----a-w- C:\Windows\stinger.sys
    2012-05-02 08:06:13 -------- d-----w- C:\Program Files (x86)\stinger
    2012-05-01 21:00:29 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDF11637-ED57-44F5-957B-F99F04341B73}\mpengine.dll
    2012-05-01 11:39:11 -------- d-----w- C:\Users\User\AppData\Roaming\dclogs
    2012-05-01 11:39:06 1097728 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOS~2.EXE
    2012-05-01 11:06:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
    2012-05-01 10:59:59 -------- d-----w- C:\Users\User\AppData\Local\Adobe
    2012-04-26 16:47:33 -------- d-----w- C:\Program Files (x86)\Satillana MIM
    2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{F16823D5-E2C4-40BF-9C2B-A907C2D6BA7E}
    2012-04-23 14:46:05 -------- d-----w- C:\Users\User\AppData\Local\{6773AA2D-EFE5-4BF6-8179-0E4A5190A62B}
    2012-04-23 14:02:02 -------- d-----w- C:\Users\User\AppData\Local\Diagnostics
    2012-04-18 18:01:57 -------- d-----w- C:\Program Files\WinPcap
    2012-04-18 18:01:50 3623592 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
    2012-04-18 18:01:50 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
    2012-04-17 19:49:04 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
    2012-04-17 19:48:35 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
    2012-04-17 19:48:35 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2012-04-17 19:41:02 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-04-17 19:40:59 -------- d-----w- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
    2012-04-17 19:40:59 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2012-04-17 19:40:16 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2012-04-17 18:10:34 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2012-04-17 18:10:34 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2012-04-17 18:10:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2012-04-17 18:10:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2012-04-17 18:10:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2012-04-17 18:10:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2012-04-17 18:10:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2012-04-17 18:06:22 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    2012-04-17 18:06:22 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-04-17 17:23:33 -------- d-----w- C:\ProgramData\ASUS
    2012-04-17 17:18:56 -------- d-----w- C:\Users\User\AppData\Local\{375F6513-C406-4855-BBF5-AE473559B0EB}
    2012-04-17 17:16:48 -------- d-----w- C:\Users\User\AppData\Roaming\MAGIX
    2012-04-17 15:32:09 -------- d-----w- C:\Users\User\AppData\Local\Cyberlink
    2012-04-17 14:27:10 -------- d-----w- C:\Users\User\AppData\Roaming\Princess Isabella
    2012-04-17 10:27:25 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-04-17 10:27:25 -------- d-----w- C:\Windows\System32\Wat
    2012-04-17 10:17:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-04-17 10:11:24 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-17 10:11:24 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-17 10:11:24 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-17 10:08:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-17 10:08:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-17 10:08:17 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-17 10:08:17 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-17 10:08:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-17 10:08:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-17 10:08:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-17 09:31:59 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-04-16 20:46:36 -------- d-----w- C:\Program Files (x86)\uTorrent
    2012-04-16 20:45:34 -------- d-----w- C:\Users\User\AppData\Roaming\uTorrent
    2012-04-16 20:43:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-16 20:43:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-16 20:43:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-16 20:43:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-04-16 20:43:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-04-16 20:43:53 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-16 20:43:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-04-16 16:42:48 -------- d-----w- C:\Users\User\AppData\Roaming\FLEXnet
    2012-04-16 16:42:46 -------- d-----w- C:\Users\User\AppData\Roaming\Nuance
    2012-04-16 16:42:44 -------- d-----w- C:\Users\User\AppData\Roaming\Zeon
    2012-04-16 13:00:38 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-04-16 12:54:38 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
    2012-04-16 12:38:00 40392 ----a-w- C:\Windows\System32\drivers\GDBehave.sys
    2012-04-16 12:37:59 57288 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys
    2012-04-16 12:37:56 49096 ----a-w- C:\Windows\System32\drivers\HookCentre.sys
    2012-04-16 12:37:44 84936 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys
    2012-04-16 12:37:43 48584 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys
    2012-04-16 12:37:35 -------- d-----w- C:\ProgramData\G Data
    2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\G Data
    2012-04-16 12:37:35 -------- d-----w- C:\Program Files (x86)\Common Files\G Data
    2012-04-16 12:36:04 -------- d-----w- C:\Users\User\AppData\Local\Downloaded Installations
    2012-04-16 12:00:32 -------- d-----w- C:\Program Files (x86)\The KMPlayer
    2012-04-16 10:01:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-16 10:01:29 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-16 09:54:47 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-04-16 09:54:30 -------- d-----w- C:\Users\User\AppData\Local\Microsoft Help
    2012-04-16 09:49:03 -------- d-----w- C:\Program Files (x86)\AVG
    2012-04-16 09:45:23 -------- d--h--w- C:\ProgramData\Common Files
    2012-04-16 09:44:57 -------- d-----w- C:\ProgramData\MFAData
    2012-04-16 01:36:27 -------- d-----w- C:\Users\User\AppData\Roaming\ASUS WebStorage
    2012-04-16 01:34:00 -------- d-----w- C:\Users\User\AppData\Local\Power2Go
    2012-04-16 01:32:13 -------- d-sh--we C:\Programme
    2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Vorlagen
    2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Startmenü
    2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Favoriten
    2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Dokumente
    2012-04-16 01:32:13 -------- d-sh--we C:\ProgramData\Anwendungsdaten
    2012-04-16 01:32:13 -------- d-sh--we C:\Program Files\Gemeinsame Dateien
    2012-04-16 01:32:13 -------- d-sh--we C:\Dokumente und Einstellungen
    2012-04-12 20:59:51 -------- d--h--w- C:\ASUS.DAT
    2012-04-12 20:59:51 -------- d-----w- C:\ProgramData\FolderView
    2012-04-12 20:05:03 -------- d-----w- C:\eSupport
    2012-04-12 19:38:24 -------- d-----w- C:\Windows\System32\AsMakeLink
    2012-04-12 19:38:23 80512 ----a-w- C:\Windows\AsusScr_N5_En Uninstaller.exe
    2012-04-12 19:38:19 3058304 ----a-w- C:\Windows\AsScrPro.exe
    2012-04-12 19:38:19 287176399 ------w- C:\Windows\System32\AsusScr_N5_En.scr
    2012-04-12 19:37:56 -------- d-----w- C:\ProgramData\USBChargerPlus
    2012-04-12 19:37:54 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2012-04-12 19:36:22 16768 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
    2012-04-12 19:35:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-04-12 19:35:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-04-12 19:35:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2012-04-12 19:31:04 -------- d-----w- C:\ProgramData\ASUS Music Maker
    2012-04-12 19:31:04 -------- d-----w- C:\Program Files (x86)\ASUS Music Maker
    2012-04-12 19:30:59 -------- d-----w- C:\ProgramData\MAGIX
    2012-04-12 19:30:58 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
    2012-04-12 19:30:27 -------- d--h--w- C:\dvmexp
    2012-04-12 19:30:06 -------- d--h--w- C:\ASUS.SYS
    2012-04-12 19:30:00 -------- d--h--w- C:\temp
    2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Intel Corporation
    2012-04-12 19:28:39 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
    2012-04-12 19:24:11 -------- d-----w- C:\ProgramData\Roaming
    2012-04-12 19:23:33 -------- d-----w- C:\Program Files (x86)\Cisco
    2012-04-12 19:23:25 -------- d-----w- C:\Program Files\Synaptics
    2012-04-12 19:21:47 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
    2012-04-12 19:21:43 -------- d-----w- C:\ProgramData\AmUStor
    2012-04-12 19:21:43 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
    2012-04-12 19:21:08 -------- d-----w- C:\ProgramData\SonicFocus
    2012-04-12 19:21:06 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2012-04-12 19:21:06 -------- d-----w- C:\Program Files\Realtek
    2012-04-12 19:19:28 -------- d-----w- C:\Windows\SysWow64\NV
    2012-04-12 19:19:28 -------- d-----w- C:\Windows\System32\NV
    2012-04-12 19:15:40 -------- d-----w- C:\Program Files\Common Files\Intel
    2012-04-12 19:15:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2012-04-12 19:14:27 8192 ----a-w- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
    2012-04-12 19:14:27 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
    2012-04-12 19:14:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
    2012-04-12 19:11:47 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2012-04-12 19:11:43 -------- d-----w- C:\Intel
    2012-04-12 19:10:21 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
    .
    ==================== Find3M ====================
    .
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-14 17:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
    2012-02-14 17:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
    2012-02-14 17:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
    2012-02-14 17:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
    2012-02-14 17:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
    2012-02-14 17:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
    2012-02-14 17:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
    2012-02-14 17:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
    2012-02-14 17:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
    2012-02-14 17:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
    2012-02-14 17:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
    2012-02-14 17:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
    2012-02-14 17:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
    2012-02-14 17:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
    2012-02-14 17:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
    2012-02-14 17:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
    2012-02-14 17:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
    2012-02-14 17:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
    2012-02-14 17:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
    2012-02-14 17:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
    2012-02-14 17:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
    2012-02-14 16:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
    2012-02-14 16:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
    2012-02-14 16:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
    2012-02-14 16:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
    2012-02-14 16:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
    2012-02-14 16:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
    2012-02-14 16:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
    2012-02-14 16:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
    2012-02-14 16:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
    2012-02-14 16:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
    2012-02-14 16:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
    2012-02-14 16:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
    2012-02-14 16:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
    2012-02-14 16:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
    2012-02-14 16:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
    2012-02-14 16:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
    2012-02-14 16:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
    2012-02-14 16:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    .
    ============= FINISH: 9:01:06,15 ===============

    I've also attached the zip'ed attach report from DDS.

    Thank you for your time and help! =)

  2. #2
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Default

    Hi Mar_Rib,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Windows 7 Advice:
    Please Note: The programs I ask you to use will need to be run in Administrator Mode.
    In order to do this Right-click on the program file and select the Run as Administrator option.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    If prompted, please click on the Allow button.
    Reference: User Account Control (UAC) and Running as Administrator

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team

    Hi Mar_Rib,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before proceeding please make sure any open programs are closed.

    Step 1:
    Business Computer?

    Entries in the log provided lead me to believe this computer may connect to a business network.
    Please confirm whether or not this computer is a company-owned computer, a computer used for business or connects to a business network.
    If this is not the case, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

    Step 2:
    MGA Diagnostics

    1. Please download this tool from Microsoft and Save it to your Desktop.
    2. Right-click on MGADiag.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Click on the Continue button to proceed.
    4. The program will now run. It will take a short while to complete its diagnosis, please be patient.
    5. When it has finished click on the Copy button.
    6. Click on Start and then click on the Start Search box in the Start Menu.
    7. Copy and Paste the following value into the open text entry box:

      • notepad

    8. Then click on the magnifying glass symbol or press Enter.
    9. This will open an empty Notepad file.
    10. Paste the copied contents into the new Notepad window and Save the file as mgadiag.txt to your Desktop.
    11. Click on the OK button to exit the MGA Diagnostics program.
    12. Then Copy and Paste the entire contents of mgadiag.txt into your next reply.

    Step 3:
    WVCheck

    1. Please download WVCheck and Save it to your Desktop.
    2. Right-click on WVCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Read the comments on the screen and then press Enter.
      The scan can take a while depending on the size of your hard drive.
    4. Once the program is finished, a scan report named WVCheck_hhmm_dd-mm-yyyy.txt will automatically be saved to your Desktop and opened in Notepad.
    5. Please Copy and Paste the entire contents of WVCheck_hhmm_dd-mm-yyyy.txt into your next reply.

    Step 4:
    CKScanner

    1. Please download CKScanner and Save it to your Desktop.
      Make sure that CKScanner.exe is on your Desktop before running the application!
    2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. Then click on the Search For Files button.
    4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
      A text file will be created on your Desktop named ckfiles.txt. A message box will verify the file saved.
      Note: Please run the program ONCE only.
    5. Click on the Exit button to close the program.
    6. Double-click on the ckfiles.txt file to open it.
    7. Then Copy and Paste the entire contents of the file into your next reply.

    Step 5:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Is this computer used for business purposes? Does the computer connect to a business network? If not, please clarify for what purposes the computer is used.
    3. mgadiag.txt.
    4. WVCheck_hhmm_dd-mm-yyyy.txt.
    5. ckfiles.txt.
    6. Do you have original Windows installation media for your PC?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #4
    Junior Member

    Hello Scolabar,
    Firstly, thank you for your help.

    I had no difficulties, at least for now, with the instructions. They're quite clear. As I'm Portuguese, and English is not my native language, some technical vocabulary may be an issue (but in case of doubt I'll ask) and my spelling may be, sometimes, incorrect. Sorry for that! That said, I'll continue.

    My computer is not used for business purposes. Personal use only. Sometimes I use school's wireless network that I configured as business network. But I believe that wasn't what you were referring to. So, my answer is no.

    Here is the mgadiag.txt. I'm still a bit confused with this because you said it would take a short while to complete, but I pressed continue and a second after the diagnostic was finished... I don't know if something bad occurred:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-2QWT6-HCQXJ-9YQTR
    Windows Product Key Hash: PVjSC5x6njvqunmbCY3lOD7rYDo=
    Windows Product ID: 00359-OEM-8992687-00007
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {7CDE671D-0276-4218-8760-92ADD614A472}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120305-1505
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Enterprise 2007 - 103 Blocked VLK
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{7CDE671D-0276-4218-8760-92ADD614A472}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-9YQTR</PKey><PID>00359-OEM-8992687-00007</PID><PIDType>2</PIDType><SID>S-1-5-21-3494332765-2371890562-776866448</SID><SYSTEM><Manufacturer>ASUSTeK Computer Inc.</Manufacturer><Model>N55SF</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>N55SF.207</Version><SMBIOSVersion major="2" minor="6"/><Date>20110829000000.000000+000</Date></BIOS><HWID>43223207018400FE</HWID><UserLCID>0816</UserLCID><SystemLCID>0816</SystemLCID><TimeZone>Hora padrão de GMT(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65488</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Versão do serviço de licenciamento de software: 6.1.7601.17514

    Nome: Windows(R) 7, HomePremium edition
    Descrição: Windows Operating System - Windows(R) 7, OEM_SLP channel
    ID da Activação: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
    ID da Aplicação: 55c92734-d682-4d71-983e-d6ec3f16059f
    PID Expandido: 00359-00178-926-800007-02-1033-7600.0000-2092009
    ID da Instalação: 103945100771347876031204703693001654880335757805060443
    URL de Certificado do Processador: http://go.microsoft.com/fwlink/?LinkID=88338
    URL de Certificado do Computador: http://go.microsoft.com/fwlink/?LinkID=88339
    URL da Licença de Utilização: http://go.microsoft.com/fwlink/?LinkID=88341
    URL de Certificado da Chave do Produto: http://go.microsoft.com/fwlink/?LinkID=88340
    Chave de Produto Parcial: 9YQTR
    Estado da Licença: Licenciado
    Contagem de rearmamentos restantes do Windows: 1
    Hora fidedigna: 06-05-2012 11:03:11

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 4:17:2012 13:32
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: NAAAAAIAAQABAAIAAAABAAAABAABAAEAln0ks3cW0ily+1JA5tES6MqEsqEe1ki9SAYucw==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC _ASUS_ Notebook
    FACP _ASUS_ Notebook
    DBGP _ASUS_ Notebook
    HPET _ASUS_ Notebook
    MCFG _ASUS_ Notebook
    ECDT _ASUS_ Notebook
    SLIC _ASUS_ Notebook
    SSDT PmRef Cpu0Ist
    SSDT PmRef Cpu0Ist
    ASF! INTEL HCG


    Now, here is the WVCheck.txt:

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1107_06-05-2012
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows 7 Service Pack 1
    Windows Mode: Normal
    Systemroot Path: C:\Windows

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2012-05-06 09:37:40
    Last Success Time for Update Download: 2012-05-04 13:11:42
    Last Success Time for Update Installation: 2012-05-04 13:11:46


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ELVD6SE5\_history;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=pt-pt;kt=K;kga=-1;kr=F;kw=uma+antiga+manha;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=983828044806096[1].htm
    Size: 282 bytes
    Creation; 5/5/2012 19:31:30
    Modification; 5/5/2012 19:31:30
    MD5; 2003016856b6f37ffb2c07ee5854c491
    Matched: *AntiGA*
    -----------------------
    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PJJNM0G3\history;sz=300x250;tile=1;dcopt=ist;plat=pc;klg=pt-pt;kt=K;kga=-1;kr=F;kw=uma+antiga+manha;kgg=-1;kcr=us;dc_dedup=1;kmyd=ad_creative_1;ord=2099731727538519[1].htm
    Size: 282 bytes
    Creation; 5/5/2012 19:31:37
    Modification; 5/5/2012 19:31:37
    MD5; 2003016856b6f37ffb2c07ee5854c491
    Matched: *AntiGA*
    -----------------------
    C:\Windows\System32\slwga.dll
    Size: 14336 bytes
    Creation; 18/2/2011 19:49:48
    Modification; 20/11/2010 12:21:26
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\SysWOW64\slwga.dll
    Size: 14336 bytes
    Creation; 18/2/2011 19:49:48
    Modification; 20/11/2010 12:21:26
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
    Size: 14848 bytes
    Creation; 14/7/2009 0:52:11
    Modification; 14/7/2009 2:41:54
    MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
    Size: 15360 bytes
    Creation; 18/2/2011 19:49:28
    Modification; 20/11/2010 13:27:28
    MD5; b6d6886149573278cba6abd44c4317f5
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
    Size: 13824 bytes
    Creation; 14/7/2009 0:36:22
    Modification; 14/7/2009 2:16:15
    MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
    Size: 14336 bytes
    Creation; 18/2/2011 19:49:48
    Modification; 20/11/2010 12:21:26
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


    -------- End of File, program close at 1110_06-05-2012 --------

    Concerning the CKScanner I didn't install it because I have malwarebytes installed on my pc and I didn't know if it would cause problems. Please tell me if I need to uninstall malware bytes.

    Finally, what do you mean with original Windows installation media?

    Mar_Rib

  5. #5
    Emeritus- Malware Team

    Hi Mar_Rib,

    I thought I had replied to your post, but evidently not. My apologies.

    Thank you for the logs and your feedback.

    Quote Originally Posted by Mar_Rib
    ... As I'm Portuguese, and English is not my native language, some technical vocabulary may be an issue (but in case of doubt I'll ask) and my spelling may be, sometimes, incorrect. Sorry for that! That said, I'll continue.
    No problem. I will try to keep the instructions simple. Just ask, if you have any questions.

    Quote Originally Posted by Mar_Rib
    ... Sometimes I use school's wireless network that I configured as business network. ...
    When you connect to the school's network, are you connecting to the school's servers or just using the school's network to browse the Internet?

    If you connect to the school's servers, it is very important you inform the school's IT department as soon as possible as any malware infection(s) could have been passed on.

    Quote Originally Posted by Mar_Rib
    Concerning the CKScanner I didn't install it because I have malwarebytes installed on my pc and I didn't know if it would cause problems. Please tell me if I need to uninstall malware bytes.
    You do not need to uninstall MalwareBytes' Anti-Malware.

    Please complete the instructions for the CKScanner tool and post the log in your next reply.

    Quote Originally Posted by Mar_Rib
    ... what do you mean with original Windows installation media?
    Do you have the original Windows 7 installation DVD for your computer?


    Scolabar

  6. #6
    Junior Member

    Hi Scolabar.

    No problem..I'm patient.

    Concerning the network, I only use it to browse the internet.

    Moving on, here is the CKScanner file:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\user\documents\jogos\sims 3\crack\ts3.exe
    c:\users\user\documents\jogos\sims 3\crack\tslhost.dll
    c:\users\user\documents\jogos\sims 3\the sims 3\crack\ts3.exe
    c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\crack.rar
    c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\how to crack.txt
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt
    scanner sequence 3.CE.11.FNNAMI
    ----- EOF -----


    And yes, I have original windows installation media.

    P.S. Yesterday, after shutting down my PC and turning it on again, an error message from ERUNT appeared saying it wasn't possible to save something... (I can't remember what...) and that I should do something manually! :|

    Mar_Rib

  7. #7
    Emeritus- Malware Team

    Hi Mar_Rib,

    Thank you for the CKScanner log and update regarding ERUNT.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Cracked/Pirated Software Detected!

    Having checked through your logs I can detect that cracked software has been downloaded and installed on this computer.

    c:\users\user\documents\jogos\sims 3\crack\ts3.exe
    c:\users\user\documents\jogos\sims 3\crack\tslhost.dll
    c:\users\user\documents\jogos\sims 3\the sims 3\crack\ts3.exe
    c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\crack.rar
    c:\users\user\documents\jogos\sims 3\the.sims.3-crack only\how to crack.txt
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 32bit.rar
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\adbe_crack - 64bit.rar
    c:\users\user\downloads\adobe photoshop cs5 extended\crack\apcs5 - crack read me.txt

    In addition to the above, an illegal copy of Microsoft Office is installed on this computer:

    Microsoft Office Enterprise 2007

    This may or may not be related to your computer issues, however, if you wish to continue receiving assistance, then you must remove the above crack files and uninstall all illegal programs.

    May I draw your attention to THIS TOPIC.
    We do not support the use of illegal Pirated/Warez/Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

    Step 2:
    Re-Run CKScanner

    Please re-run CKScanner once only. Then Copy and Paste the contents of the ckfiles.txt log into your next reply.

    Step 3:
    Re-Run DDS

    Please re-run DDS. Then Copy and Paste the contents of the DDS.txt and Attach.txt files into your next post.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. ckfiles.txt.
    3. DDS.txt.
    4. Attach.txt.


    Scolabar

  8. #8
    Junior Member

    Hi Scolabar,

    I removed all the files you asked me to, but I really can't uninstall Office because it's essential for my work.

    I understand that you can't continue helping me with this issue, so thank you for your time and help!

    Mar_Rib

  9. #9
    Emeritus- Malware Team

    Hi Mar_Rib,

    If Microsoft Office 2007 is, as you say, essential for your work, I would strongly advise that the illegal version of the software is removed and a legitimate copy of the software is purchased and installed in its place. A fully-functional Student version of the software can be purchased relatively cheaply.

    The continued use of P2P File Sharing software (- see the advisory below) and Cracked/Pirated software will not only eventually completely compromise your own computer but could also potentially compromise the rest of the computers on the school network.

    Advisory - P2P Software

    IMPORTANT: There are also signs of a P2P (Peer-to-Peer) File Sharing Program installed on your computer that I also advise should be uninstalled.

    µTorrent

    P2P File Sharing Programs are used as a major conduit for spreading malware infection to computer systems these days.

    P2P programs open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders the computer insecure and access to the computer remains open even when the program is not in use. Consequently, the system's security is completely compromised.

    So be aware that it is not just what is downloaded that causes problems, just having a P2P program installed is like leaving all the doors to your house unlocked.

    I advise you take the time to read the following articles that explain the risk of installing these programs:

    I will now arrange for this topic to be closed.


    Scolabar
