
Infected laptop



Dave78
2012-12-03, 20:58
Hi, lately I have been having huge problems using the internet. I have a virus redirecting Google searches and slowing down the whole OS. For a week I have barely been able to log in to my email; this virus always redirects me to the sign-in page once I log in.
I tried to fix it with Spybot but nothing happened; I also used Comodo, but without results.

I installed DDS but I got only the "attach" file, not the dds text... I guess I really need help. :(

Hi, I am sorry, I forgot to attach the compressed file. Here is the aswMBR log too:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 17:59:36
-----------------------------
17:59:36.826 OS Version: Windows x64 6.1.7600
17:59:36.826 Number of processors: 4 586 0x2A07
17:59:36.826 ComputerName: ACER-PC UserName: acer
17:59:40.367 Initialize success
18:03:55.395 AVAST engine defs: 12120400
18:05:18.707 The log file has been saved successfully to "C:\Users\acer\Desktop\aswMBR.txt"

Blade81
2012-12-05, 06:35
Hi,


IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file sharing programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above.


After that see if you can run DDS to get dds.txt log this time too. Post back contents of both dds.txt & attach.txt.

Dave78
2012-12-05, 23:06
Hi, thanks for your reply, and sorry for that; I deleted it.
These are the contents of the logs; I hope everything is fine now:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by acer at 21:56:25 on 2012-12-05
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1899.627 [GMT 0:00]
.
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
C:\Program Files (x86)\Rising\RAV\RavMonD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\mSpot\mSpot\mSpot.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Rising\RAV\RsTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\explorer.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mWinlogon: Userinit = userinit.exe
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.5\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [mSpot] "C:\Program Files (x86)\mSpot\mSpot\mSpot.exe" -auto
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\4505D2C494E4B4 : DHCPNameServer = 202.106.195.68 202.106.46.151
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\545383330337D236338366 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\6687 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\C46545F5356303 : DHCPNameServer = 172.16.0.130 172.16.0.129
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-18 09:48; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 06ecfc6b000000000000fe55f98c478b
FF - user.js: extensions.BabylonToolbar.instlDay - 15577
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.616:00:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-10-24 25960]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-11-7 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-26 270912]
R1 hooksys;hooksys;C:\Windows\System32\drivers\Hooksys.sys [2011-10-24 37016]
R1 HookTdi;HookTdi;C:\Windows\System32\drivers\HookTdi.sys [2011-10-24 30360]
R1 HyperVM;HyperVM;C:\Windows\System32\drivers\hvm.sys [2011-10-24 41784]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-24 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-24 77424]
R3 NdisrdMP;NdisrdMP;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-24 326760]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-27 22704]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-11 48488]
S3 Ndisrd;WinpkFilter Service;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
.
=============== Created Last 30 ================
.
2012-12-05 07:03:43 15112160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-12-05 07:03:42 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-05 07:03:42 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-12-05 07:03:40 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-05 07:03:39 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-12-05 07:03:35 890048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-12-05 07:03:33 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-12-05 07:03:32 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-12-05 07:03:32 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-12-05 07:03:31 16864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2012-12-05 07:03:30 21472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2012-12-05 07:03:30 20960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\SysWow64\drivers\CFRMD.sys
2012-12-03 18:16:59 -------- d-----w- C:\Windows\ERUNT
2012-12-03 18:15:56 -------- d-----w- C:\JRT
2012-11-28 17:48:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-28 17:48:30 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-11-28 17:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-28 17:47:11 -------- d-----w- C:\Users\acer\AppData\Local\Programs
2012-11-27 18:18:24 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-11-27 18:18:05 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-27 18:18:04 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-27 18:18:03 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-27 18:17:55 -------- d-----w- C:\sh4ldr
2012-11-27 18:15:20 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-27 18:15:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\SpeedMaxPc
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\DriverCure
2012-11-26 23:26:43 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
2012-11-19 20:11:47 -------- d--h--w- C:\VritualRoot
2012-11-18 09:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo
2012-11-18 09:37:12 -------- d-----w- C:\ProgramData\CPA_VA
2012-11-18 00:08:26 -------- d-----w- C:\ProgramData\Comodo
2012-11-18 00:08:23 -------- d-----w- C:\Program Files\COMODO
2012-11-18 00:08:05 -------- d-----w- C:\Users\acer\AppData\Local\Comodo
2012-11-18 00:08:02 50952 ----a-w- C:\Windows\System32\certsentry.dll
2012-11-18 00:07:50 -------- d-----w- C:\Program Files (x86)\Comodo
2012-11-15 16:12:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-15 07:38:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 07:38:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 07:38:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 07:38:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 23:44:02 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 23:44:02 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 23:43:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 23:43:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 23:43:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 23:43:57 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 23:43:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:21:59 -------- d-----w- C:\Users\acer\AppData\Roaming\Foxit Software
2012-11-14 07:22:38 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 07:21:24 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 07:21:24 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 07:05:32 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B92BAB28-8348-4E0B-B7F7-F39E058A29E3}\mpengine.dll
2012-11-11 13:50:36 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-11-08 22:13:47 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-11-08 18:30:17 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-11-08 18:29:36 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-11-08 18:29:27 -------- d-----w- C:\Program Files (x86)\Outsim
2012-11-08 18:23:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-11-07 23:38:02 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-07 23:38:00 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-07 23:37:58 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-07 23:37:38 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37:36 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-07 23:37:32 390392 ----a-w- C:\Windows\System32\guard64.dll
2012-11-06 19:45:46 -------- d-----w- C:\Program Files (x86)\Foxit Software
.
==================== Find3M ====================
.
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\inf\CFRMD\cfrmd.sys
2012-10-11 10:06:05 41784 ------w- C:\Windows\System32\drivers\hvm.sys
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-28 16:55:43 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-09-28 16:55:41 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-08 10:04:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 10:04:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-08 10:04:23 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:00:12.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/10/2011 01:59:52
System Uptime: 05/12/2012 06:58:44 (16 hours ago)
.
Motherboard: Acer | | JE30
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 798/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 155 GiB total, 25.401 GiB free.
D: is FIXED (NTFS) - 310 GiB total, 125.279 GiB free.
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP288: 30/11/2012 00:03:03 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin 64-bit
Adobe Reader 9
Any Audio Converter 3.5.5
Any Video Converter 3.1.0
ASIO4ALL
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bing Bar
COMODO Internet Security
CyberLink YouCam
D3DX10
DAEMON Tools Lite
ERUNT 1.1j
Firebird SQL Server - MAGIX Edition
FL Studio 10
foobar2000 v1.1.8
Football Manager 2011
Football Manager 2012
Foxit Reader
GeekBuddy
Google Chrome
Identity Card
IL Download Manager
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Launch Manager
MAGIX Music Maker MX Production Suite Download Version
MAGIX Screenshare
MAGIX Speed burnR (MSI)
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
mSpot
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Nero Premium 7.5.9.0 Reduced
Nitro Reader 2
NVIDIA Control Panel 266.96
NVIDIA Graphics Driver 266.96
NVIDIA Install Application
NVIDIA Optimus 1.0.21
NVIDIA Update Components
PriceGong 2.6.5
Raccolta foto di Windows Live
Realtek PCIE Card Reader
Reason 5.0
Renesas Electronics USB 3.0 Host Controller Driver
Rising Antivirus
Rising Software Deployment System
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.1
SpeedMaxPc
Spybot - Search & Destroy
SpyHunter
Storm Codec
Synaptics Pointing Device Driver
Text-To-Speech-Runtime
Thief - Deadly Shadows Collective Texture Pack by John P., ver. 1.0.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VLC media player 2.0.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
30/11/2012 17:45:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
30/11/2012 07:04:14, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
30/11/2012 07:02:58, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
29/11/2012 17:41:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
28/11/2012 21:15:21, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
28/11/2012 17:14:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
05/12/2012 20:51:19, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
05/12/2012 20:51:19, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
05/12/2012 07:02:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
05/12/2012 06:59:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD
05/12/2012 06:59:21, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
05/12/2012 06:59:09, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
05/12/2012 06:59:09, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
05/12/2012 06:59:07, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
05/12/2012 06:58:59, Error: Service Control Manager [7000] - The SpyHunter 4 Service service failed to start due to the following error: The system cannot find the file specified.
04/12/2012 07:50:32, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
03/12/2012 17:58:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
03/12/2012 17:58:19, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Dave78
2012-12-05, 23:13
The torrent program still appears even though I deleted it before running DDS. I'll restart the computer and try again...

Blade81
2012-12-06, 13:57
Hi,

Did you get uTorrent removed?

Dave78
2012-12-06, 19:00
Hi, yes. I deleted all related files I could find on my laptop. On my PC there are no traces of uTorrent anymore.
Below is the latest DDS log; the "attach" zip file is in the attachment.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by acer at 17:54:58 on 2012-12-06
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1899.448 [GMT 0:00]
.
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
C:\Program Files (x86)\Rising\RAV\RavMonD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\mSpot\mSpot\mSpot.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\skype\Phone\Skype.exe
C:\Program Files (x86)\skype\Phone\ContentFilter.exe
C:\PROGRAM FILES (X86)\RISING\RAV\RSTRAY.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mWinlogon: Userinit = userinit.exe
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.5\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [mSpot] "C:\Program Files (x86)\mSpot\mSpot\mSpot.exe" -auto
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\4505D2C494E4B4 : DHCPNameServer = 202.106.195.68 202.106.46.151
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\545383330337D236338366 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\6687 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\C46545F5356303 : DHCPNameServer = 172.16.0.130 172.16.0.129
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-18 09:48; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 06ecfc6b000000000000fe55f98c478b
FF - user.js: extensions.BabylonToolbar.instlDay - 15577
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.616:00:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-10-24 25960]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-11-7 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-26 270912]
R1 hooksys;hooksys;C:\Windows\System32\drivers\Hooksys.sys [2011-10-24 37016]
R1 HookTdi;HookTdi;C:\Windows\System32\drivers\HookTdi.sys [2011-10-24 30360]
R1 HyperVM;HyperVM;C:\Windows\System32\drivers\hvm.sys [2011-10-24 41784]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-11-1 70352]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-18 313424]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-24 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-24 77424]
R3 NdisrdMP;NdisrdMP;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-27 22704]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-11 48488]
S3 Ndisrd;WinpkFilter Service;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-24 326760]
.
=============== Created Last 30 ================
.
2012-12-05 07:03:43 15112160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-12-05 07:03:42 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-05 07:03:42 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-12-05 07:03:40 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-05 07:03:39 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-12-05 07:03:35 890048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-12-05 07:03:33 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-12-05 07:03:32 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-12-05 07:03:32 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-12-05 07:03:31 16864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2012-12-05 07:03:30 21472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2012-12-05 07:03:30 20960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\SysWow64\drivers\CFRMD.sys
2012-12-03 18:16:59 -------- d-----w- C:\Windows\ERUNT
2012-12-03 18:15:56 -------- d-----w- C:\JRT
2012-11-28 17:48:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-28 17:48:30 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-11-28 17:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-28 17:47:11 -------- d-----w- C:\Users\acer\AppData\Local\Programs
2012-11-27 18:18:24 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-11-27 18:18:05 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-27 18:18:04 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-27 18:18:03 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-27 18:17:55 -------- d-----w- C:\sh4ldr
2012-11-27 18:15:20 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-27 18:15:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\SpeedMaxPc
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\DriverCure
2012-11-26 23:26:43 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
2012-11-19 20:11:47 -------- d--h--w- C:\VritualRoot
2012-11-18 09:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo
2012-11-18 09:37:12 -------- d-----w- C:\ProgramData\CPA_VA
2012-11-18 00:08:26 -------- d-----w- C:\ProgramData\Comodo
2012-11-18 00:08:23 -------- d-----w- C:\Program Files\COMODO
2012-11-18 00:08:05 -------- d-----w- C:\Users\acer\AppData\Local\Comodo
2012-11-18 00:08:02 50952 ----a-w- C:\Windows\System32\certsentry.dll
2012-11-18 00:07:50 -------- d-----w- C:\Program Files (x86)\Comodo
2012-11-15 16:12:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-15 07:38:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 07:38:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 07:38:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 07:38:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 23:44:02 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 23:44:02 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 23:43:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 23:43:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 23:43:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 23:43:57 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 23:43:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:21:59 -------- d-----w- C:\Users\acer\AppData\Roaming\Foxit Software
2012-11-14 07:22:38 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 07:21:24 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 07:21:24 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 07:05:32 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B92BAB28-8348-4E0B-B7F7-F39E058A29E3}\mpengine.dll
2012-11-11 13:50:36 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-11-08 22:13:47 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-11-08 18:30:17 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-11-08 18:29:36 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-11-08 18:29:27 -------- d-----w- C:\Program Files (x86)\Outsim
2012-11-08 18:23:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-11-07 23:38:02 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-07 23:38:00 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-07 23:37:58 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-07 23:37:38 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37:36 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-07 23:37:32 390392 ----a-w- C:\Windows\System32\guard64.dll
2012-11-06 19:45:46 -------- d-----w- C:\Program Files (x86)\Foxit Software
.
==================== Find3M ====================
.
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\inf\CFRMD\cfrmd.sys
2012-10-11 10:06:05 41784 ------w- C:\Windows\System32\drivers\hvm.sys
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-28 16:55:43 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-09-28 16:55:41 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-08 10:04:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 10:04:26 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-08 10:04:23 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:58:24.91 ===============

Blade81
2012-12-06, 19:18
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Dave78
2012-12-07, 20:15
Hi, I did run ComboFix, but it didn't open any log automatically. What should I do now?

Dave78
2012-12-07, 20:31
By the way, it looks like the redirecting virus disappeared and I can now log in to my email box again....
Below is the new DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by acer at 19:26:02 on 2012-12-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1899.333 [GMT 0:00]
.
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
C:\Program Files (x86)\Rising\RAV\RavMonD.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\mSpot\mSpot\mSpot.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Rising\RAV\RsTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.5\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\acer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [mSpot] "C:\Program Files (x86)\mSpot\mSpot\mSpot.exe" -auto
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [NeroFilterCheck] C:\Program Files (x86)\Common Files\Ahead\Lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe" -controlservice -slave
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
LSP: mswsock.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\4505D2C494E4B4 : DHCPNameServer = 202.106.195.68 202.106.46.151
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\545383330337D236338366 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\6687 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\C46545F5356303 : DHCPNameServer = 172.16.0.130 172.16.0.129
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-18 09:48; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\n8pap6kd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3412_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 06ecfc6b000000000000fe55f98c478b
FF - user.js: extensions.BabylonToolbar.instlDay - 15577
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.616:00:25
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-10-24 25960]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-11-7 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-26 270912]
R1 hooksys;hooksys;C:\Windows\System32\drivers\Hooksys.sys [2011-10-24 37016]
R1 HookTdi;HookTdi;C:\Windows\System32\drivers\HookTdi.sys [2011-10-24 30360]
R1 HyperVM;HyperVM;C:\Windows\System32\drivers\hvm.sys [2011-10-24 41784]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-11-1 70352]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-1-18 313424]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-12-20 341800]
R2 RsMgrSvc;Rsd Service;C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2011-10-24 150168]
R2 RsRavMon;Rav Service;C:\Program Files (x86)\Rising\RAV\RavMonD.exe [2011-10-24 264448]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-28 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-28 168384]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-24 2656280]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-24 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-24 77424]
R3 NdisrdMP;NdisrdMP;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-28 1103392]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-11-27 22704]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-11 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Ndisrd;WinpkFilter Service;C:\Windows\System32\drivers\Ndisrd.sys [2012-2-15 27648]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-10-24 326760]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-12-07 19:09:42 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D986DE61-2592-4716-AB5B-05C3BC6709BE}\mpengine.dll
2012-12-07 18:36:46 256000 ----a-w- C:\Windows\PEV.exe
2012-12-07 18:36:46 208896 ----a-w- C:\Windows\MBR.exe
2012-12-07 18:36:45 98816 ----a-w- C:\Windows\sed.exe
2012-12-07 18:36:26 -------- d-s---w- C:\ComboFix
2012-12-05 07:03:43 15112160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-12-05 07:03:42 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-05 07:03:42 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-12-05 07:03:40 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-05 07:03:39 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-12-05 07:03:35 890048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-12-05 07:03:33 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-12-05 07:03:32 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-12-05 07:03:32 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-12-05 07:03:31 16864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2012-12-05 07:03:30 21472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2012-12-05 07:03:30 20960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\SysWow64\drivers\CFRMD.sys
2012-12-03 18:16:59 -------- d-----w- C:\Windows\ERUNT
2012-12-03 18:15:56 -------- d-----w- C:\JRT
2012-11-28 17:48:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-28 17:48:30 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-11-28 17:48:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-28 17:47:11 -------- d-----w- C:\Users\acer\AppData\Local\Programs
2012-11-27 18:18:24 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-11-27 18:18:05 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-11-27 18:18:04 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-11-27 18:18:03 110080 ----a-r- C:\Users\acer\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-11-27 18:17:55 -------- d-----w- C:\sh4ldr
2012-11-27 18:15:20 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-27 18:15:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\SpeedMaxPc
2012-11-26 23:27:11 -------- d-----w- C:\Users\acer\AppData\Roaming\DriverCure
2012-11-26 23:26:43 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-11-26 23:26:37 -------- d-----w- C:\Program Files (x86)\SpeedMaxPc
2012-11-19 20:11:47 -------- d--h--w- C:\VritualRoot
2012-11-18 09:39:16 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo
2012-11-18 09:37:12 -------- d-----w- C:\ProgramData\CPA_VA
2012-11-18 00:08:26 -------- d-----w- C:\ProgramData\Comodo
2012-11-18 00:08:23 -------- d-----w- C:\Program Files\COMODO
2012-11-18 00:08:05 -------- d-----w- C:\Users\acer\AppData\Local\Comodo
2012-11-18 00:08:02 50952 ----a-w- C:\Windows\System32\certsentry.dll
2012-11-18 00:07:50 -------- d-----w- C:\Program Files (x86)\Comodo
2012-11-15 16:12:13 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-15 07:38:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 07:38:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 07:38:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 07:38:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 23:44:02 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 23:44:02 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 23:43:59 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 23:43:59 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 23:43:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 23:43:57 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 23:43:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:21:59 -------- d-----w- C:\Users\acer\AppData\Roaming\Foxit Software
2012-11-14 07:22:38 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 07:21:24 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 07:21:24 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-11 13:50:36 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-11-08 22:13:47 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-11-08 18:30:17 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-11-08 18:29:36 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-11-08 18:29:27 -------- d-----w- C:\Program Files (x86)\Outsim
2012-11-08 18:23:34 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-11-07 23:38:02 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-11-07 23:38:00 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-11-07 23:37:58 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-11-07 23:37:38 41240 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-11-07 23:37:36 301264 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-11-07 23:37:32 390392 ----a-w- C:\Windows\System32\guard64.dll
.
==================== Find3M ====================
.
2012-12-04 08:41:28 37976 ----a-w- C:\Windows\inf\CFRMD\cfrmd.sys
2012-10-11 10:06:05 41784 ------w- C:\Windows\System32\drivers\hvm.sys
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-28 16:55:43 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-09-28 16:55:41 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 19:28:52.23 ===============
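
An added example of how a helper reads a log like the one above; this is my code, not part of the thread and not part of the DDS tool. It parses the line shapes DDS prints and flags the items normally looked at first. The sample input is a handful of lines copied from the log above; the heuristics are assumptions and are labelled as such in the code: a BHO or toolbar entry ending in a bare dash has no resolved file path (the uTorrentBar and Bing Bar registrations above look like that), EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 means UAC is off entirely, nameservers outside private ranges on an interface profile are not proof of anything by themselves (they may be an earlier network's DHCP resolvers) but are the first thing to verify given the search-redirect symptom, and AppInit_DLLs entries load into every GUI process and are listed for review (by name and by the install dates in the log these appear to be the NVIDIA driver and Comodo components, which is why a reviewer checks them rather than deletes them).

```python
"""Triage pass over DDS-style log lines (added example; not from the thread or from DDS)."""
import re
from ipaddress import ip_address
from typing import Dict, List

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E676497C-4607-4EF4-B2C8-FE4520CCD94F}\4505D2C494E4B4 : DHCPNameServer = 202.106.195.68 202.106.46.151
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
"""

# Line shapes as DDS prints them (derived from the log above).
BHO_TB_RE = re.compile(
    r"^(?:x64-)?(?:BHO|TB): (?P<name>.+?): (?P<clsid>\{[0-9A-Fa-f-]+\}) -\s*(?P<path>.*)$")
POLICY_RE = re.compile(r"^[mu]Policies-System: (?P<key>\w+) = dword:(?P<val>[0-9A-Fa-f]+)$")
DNS_RE = re.compile(r"^TCP: .*?(?:DHCP)?NameServer = (?P<servers>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$")

# Standard Windows UAC semantics; the assumption is only that these are the
# values worth flagging: EnableLUA=0 disables UAC, ConsentPromptBehaviorAdmin=0
# elevates admins silently, PromptOnSecureDesktop=0 draws the prompt on the
# normal desktop where other software can interact with it.
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per item a helper would look at first."""
    findings: List[Dict[str, str]] = []

    def add(kind: str, line: str, why: str) -> None:
        findings.append({"kind": kind, "line": line, "why": why})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<orphaned>" in line:
            add("orphaned", line, "registry entry whose component DDS could not resolve")
            continue
        m = BHO_TB_RE.match(line)
        if m:
            # Assumption: a bare trailing dash means DDS found no file path for
            # the CLSID, i.e. a leftover registration from a removed add-on.
            if not m.group("path"):
                add("missing-path", line,
                    f"{m.group('name')} {m.group('clsid')} registered with no resolved file")
            continue
        m = POLICY_RE.match(line)
        if m:
            if WEAK_UAC.get(m.group("key")) == m.group("val"):
                add("uac", line, f"{m.group('key')}={m.group('val')} weakens or disables UAC")
            continue
        m = DNS_RE.match(line)
        if m:
            # Public resolvers on an interface profile are not proof of a hijack
            # (an earlier network's DHCP may have handed them out), but with a
            # search-redirect symptom they are the first thing to verify.
            suspect = []
            for server in m.group("servers").split():
                try:
                    if not ip_address(server).is_private:
                        suspect.append(server)
                except ValueError:
                    suspect.append(server)  # not an IP literal at all; look at it
            if suspect:
                add("dns", line, "non-private nameserver(s): " + ", ".join(suspect))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs load into every process that loads user32.dll, so each
            # path is listed for review. DDS separates entries with spaces, so a
            # path containing a space would need smarter splitting than this.
            for dll in m.group("dlls").split():
                add("appinit", line, f"AppInit DLL loaded into every GUI process: {dll}")
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['why']}")
        print(f"    {f['line']}")


if __name__ == "__main__":
    main()
```

Run against the full log rather than the sample, the same pass would also surface the x64-Handler and x64-SSODL orphans and the remaining toolbar entries; it deliberately does not flag Run entries, since a helper judges those by vendor and path rather than by shape.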

Blade81
2012-12-07, 20:53
I did run ComboFix, but it didn't open any log automatically. What should I do now?
Please see if the file c:\ComboFix.txt exists and post back its contents.

Log still shows infection. Did you have protection turned off when running ComboFix? As said, it has to be disabled; otherwise ComboFix may not be able to execute properly (Comodo especially is known to cause problems with ComboFix runs).

Dave78
2012-12-07, 21:07
At the beginning it told me to shut down Rising Antivirus and I did it. This is the content of the ComboFix text file I found:

ComboFix 12-12-04.01 - acer 07/12/2012 18:50:10.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1899.628 [GMT 0:00]
Running from: C:\Users\acer\Desktop\ComboFix.exe
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

Blade81
2012-12-07, 21:17
Hi,

Try to run ComboFix again in safe mode.

Dave78
2012-12-07, 21:39
How do I run it in safe mode?

Blade81
2012-12-07, 21:45
instructions (http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode)

Dave78
2012-12-10, 18:58
Hi, after some thought I decided to give my PC in person to somebody more competent than me to delete the remaining viruses. Since most of the rubbish has been discarded from my laptop, I don't feel like risking running programs by myself because I am not competent enough and I am afraid of harming my laptop irreversibly... I will never be able to thank you all enough for your help and support, which was crucial to remove the serious rubbish; thanks to you I can use my laptop without problems again. :thanks:

Blade81
2012-12-10, 19:49
You're welcome :)


after some thought I decided to give my PC in person to somebody more competent than me to delete the remaining viruses. Since most of the rubbish has been discarded from my laptop, I don't feel like risking running programs by myself because I am not competent enough and I am afraid of harming my laptop irreversibly
I assume we can archive the topic then?

Blade81
2012-12-19, 06:51
Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.