Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer hacked


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Uninstall:

 

VS10RuntimeWin32  (this is a sort of anti-virus add-on but it has a strange feature that allows "friends" to know your status.

 

AVG 2013  (Probably already gone but it shows in the uninstall list.)

 

McAfee Security Scan Plus  (foistware)

 

The windrvNT; C:\Windows\system32\windrvNT.sys

is left over from Folder Lock so it shouldn't hurt to leave it unchecked in Autoruns.

 

apf003; C:\Windows\system32\apf003.sys 

Supposedly some sort of Chinese search engine so should be OK to leave unchecked.
BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS
Something called RawEther which is used for doing odd things and bypassing Windows normal routines when talking on the net.  Definitely do not trust it unless you know why it is there.

  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

ntbtlog.txt?

 

Is your sound working?

 

Do you use Windows Live?


  • 0

#18
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I've uninstalled VS10 RuntimeWin32, AVG 2013 and McAffee. What do you want me to do with windrvNT, apf003 and BVRPMPR5?

 

Sound is working fine, no, I don't use Windows Live.

 

Here is the ntbtlog.txt, I overlooked it, sorry.

 Service Pack 1 2 10 2015 17:20:22.359
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\halmacpi.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_AuthenticAMD.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\ACPI.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\system32\drivers\vdrvroot.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\compbatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\BATTC.SYS
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\vmbus.sys
Loaded driver \SystemRoot\system32\drivers\winhv.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\msahci.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdsata.sys
Loaded driver \SystemRoot\system32\DRIVERS\storport.sys
Loaded driver \SystemRoot\system32\drivers\amdxata.sys
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\System32\Drivers\msrpc.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\Drivers\cng.sys
Loaded driver \SystemRoot\System32\drivers\pcw.sys
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.sys
Loaded driver \SystemRoot\system32\drivers\ndis.sys
Loaded driver \SystemRoot\system32\drivers\NETIO.SYS
Loaded driver \SystemRoot\System32\Drivers\ksecpkg.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\drivers\vmstorfl.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\SmartDefragDriver.sys
Loaded driver \SystemRoot\System32\drivers\rdyboost.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\System32\drivers\hwpolicy.sys
Loaded driver \SystemRoot\System32\DRIVERS\fvevol.sys
Loaded driver \SystemRoot\system32\DRIVERS\disk.sys
Loaded driver \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\DRIVERS\AtiPcie.sys
Loaded driver \SystemRoot\System32\Drivers\aswVmm.sys
Loaded driver \SystemRoot\System32\Drivers\aswRvrt.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\drivers\aswSnx.sys
Loaded driver \SystemRoot\system32\drivers\aswSP.sys
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\system32\drivers\rdprefmp.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\system32\drivers\aswRdr2.sys
Loaded driver \SystemRoot\system32\drivers\ws2ifsl.sys
Loaded driver \SystemRoot\system32\DRIVERS\wfplwf.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwififlt.sys
Loaded driver \SystemRoot\system32\DRIVERS\hssdrv6.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\drivers\termdd.sys
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Loaded driver \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\system32\drivers\mssmbios.sys
Loaded driver \SystemRoot\System32\drivers\discache.sys
Loaded driver \SystemRoot\system32\drivers\csc.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\blbdrive.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\atipmdag.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmpag.sys
Loaded driver \SystemRoot\system32\drivers\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\athr.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwifibus.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rt86win7.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbfilter.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\drivers\keyscrambler.sys
Loaded driver \SystemRoot\system32\drivers\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\drivers\wmiacpi.sys
Loaded driver \SystemRoot\system32\drivers\CompositeBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\mcvidrv.sys
Loaded driver \SystemRoot\system32\drivers\mcaudrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\AgileVpn.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\taphss6.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpbus.sys
Loaded driver \SystemRoot\system32\drivers\swenum.sys
Loaded driver \SystemRoot\system32\drivers\umbus.sys
Did not load driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\AtiHdmi.sys
Loaded driver \SystemRoot\system32\drivers\RTKVHDA.sys
Loaded driver \SystemRoot\system32\DRIVERS\AGRSM.sys
Loaded driver \SystemRoot\system32\drivers\modem.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\System32\Drivers\RtsUStor.sys
Loaded driver \SystemRoot\System32\Drivers\usbvideo.sys
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\drivers\aswMonFlt.sys
Loaded driver \SystemRoot\system32\drivers\aswStm.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\DRIVERS\vwifimp.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Did not load driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\drivers\aswHwid.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\psi_mf_x86.sys









 


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Just leave them unchecked in Autoruns.  

 

Let's see what RogueKiller says now.

 

 
  • Download RogueKiller  and save it on your desktop.  
  • Quit all programs 
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...  
  • Click on Scan
RGKRScan.png    
  • Wait for the end of the scan.  
  • Send me the RKreport.txt located on your desktop.

  • 0

#20
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Here is the RKreport (had to click "report" button on app for the report to be generated on my desktop.

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 02/10/2015  18:40:33

¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) HssWd -- C:\Program Files\Hotspot Shield\bin\hsswd.exe[7] -> Stopped

¤¤¤ Registry : 18 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd (C:\Program Files\Hotspot Shield\bin\hsswd.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssTrayService (C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssWd (C:\Program Files\Hotspot Shield\bin\hsswd.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HssTrayService (C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HssWd (C:\Program Files\Hotspot Shield\bin\hsswd.exe) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\{6B96F45F-3BA0-4757-B275-DF5FD615EF3E} -- C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -> Found
[Suspicious.Path] \\{708C0D35-1D80-41A6-9694-791D05EF6EC4} -- C:\Users\User\Desktop\Desktop_Icons\dips64-setup.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] rcdgk3lo.default : Hotspot Shield Extension [[email protected]] -> Found
[PUM.Proxy][FIREFX:Config] rcdgk3lo.default : user_pref("network.proxy.type", 4); -> Found
[PUM.HomePage][FIREFX:Config] rcdgk3lo.default : user_pref("browser.startup.homepage", "https://my.yahoo.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST932042 3AS SATA Disk Device +++++
--- User ---
[MBR] 3c1bb1ccfdd1d0cf2275875b1a13427a
[BSP] c78c6c4c4b493e2099c85c7c34e3fa7e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 230118 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 471298896 | Size: 75116 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


 


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

That looks a lot better than it did when you last were here.  No hooks showing in the rootkit section.

 

Let's try a few more scans just to make sure.

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
 
Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 

 
Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
:!: Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Rightclick on ComboFix and select Run As Administrator to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.
 
Download TDSSKiller:
Save it to your desktop then run it by right clicking and Run As Admin.
 
 
If TDSSKiller alerts you that the system needs to reboot, please consent.
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 

  • 0

#22
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I've attached the Speecy txt. (USER-PC)

Attached Files


Edited by janji, 10 February 2015 - 12:52 PM.

  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Speccy says your Laptop is overheating.  It's currently running at 71 C which is HOT!.  Make sure you are running it on a hard surface so that the air vents on the bottom and back are not blocked.

 

Get speedfan

 
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin)
 
It will tell you your temps in real time.  What usually causes this is the heatsink gets clogged with dust.  It looks like this is an HP.  They are really hard to work on unless they have changed recently.  It's major surgery to get to the heatsink to clean it.  Perhaps a laptop cooler tray might help.  Something like this:  http://www.amazon.co...g/dp/B00EVA83JU
 
The only suspicious connection is from Akamai\netsession_win.exe.  I'm not sure what Akamai is up to but the address it is talking to is on the blacklist as a spammer.  I would uninstall Akamai NetSession Interfaceunless you know what it is doing.

  • 0

#24
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Hi Ron,

 

I'm trying to use aswMBR but after it runs for five minutes a window pops up and says that avast- anti rk has stopped working and that the program must close, I've tried twice, without disturbing computer or mouse, what shall I do?


  • 0

#25
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Thanks, I've ordered the cooler and installed the software, noticed that computer had been overheating last week, when it didn't want to reboot.

 

Edit: also uninstalled Akamai NetSession.


Edited by janji, 10 February 2015 - 01:31 PM.

  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Go on and try the other programs.

 

Tonight while you sleep let Avast do a boot-time scan:

 

How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

  • 0

#27
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

Here is the ComboFix log:

ComboFix 15-02-09.01 - User 02/10/2015  20:49:22.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3579.1816 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-10 to 2015-02-10  )))))))))))))))))))))))))))))))
.
.
2015-02-10 20:03 . 2015-02-10 20:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-02-10 20:03 . 2015-02-10 20:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-10 19:23 . 2015-02-10 19:24    --------    d-----w-    c:\program files\SpeedFan
2015-02-10 19:01 . 2015-02-10 19:09    --------    d-----w-    c:\users\User\AppData\Local\CrashDumps
2015-02-10 17:40 . 2015-02-10 17:40    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A68DE4F-E0F2-4085-B62C-4FAFC75D8375}\offreg.dll
2015-02-10 17:30 . 2015-02-10 17:30    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2015-02-10 17:30 . 2015-02-10 17:30    --------    d-----w-    c:\programdata\RogueKiller
2015-02-10 13:12 . 2015-02-10 16:07    --------    d-----w-    C:\FRST
2015-02-10 12:37 . 2014-12-02 11:01    9054624    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A68DE4F-E0F2-4085-B62C-4FAFC75D8375}\mpengine.dll
2015-02-09 20:10 . 2015-02-09 20:10    --------    d-----w-    c:\users\User\AppData\Roaming\ATI
2015-02-09 20:10 . 2015-02-09 20:10    --------    d-----w-    c:\users\User\AppData\Local\ATI
2015-02-09 20:10 . 2015-02-09 20:10    --------    d-----w-    c:\programdata\ATI
2015-02-09 20:06 . 2015-02-09 20:06    --------    d-----w-    c:\program files\DIFX
2015-02-09 20:06 . 2009-12-22 01:26    30392    ----a-w-    c:\windows\system32\drivers\usbfilter.sys
2015-02-09 20:06 . 2015-02-09 20:06    --------    d-----w-    c:\program files\AMD
2015-02-09 01:19 . 2015-02-09 01:19    --------    d-----w-    c:\program files\Hewlett-Packard
2015-02-09 01:19 . 2015-02-09 01:19    --------    d-----w-    c:\program files\Hp
2015-02-06 21:01 . 2015-02-06 21:33    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2015-02-02 00:08 . 2015-02-02 00:08    --------    d-----w-    c:\users\User\AppData\Roaming\MMFApplications
2015-02-01 23:56 . 2015-02-01 23:57    --------    d-----w-    c:\program files\Five Nights at Freddy's DEMO
2015-01-25 16:11 . 2015-01-25 16:11    --------    d-----w-    c:\program files\Common Files\Java
2015-01-18 15:49 . 2015-01-18 15:50    --------    d-----w-    c:\program files\paint.net
2015-01-18 15:49 . 2015-01-18 15:51    --------    d-----w-    c:\users\User\AppData\Local\paint.net
2015-01-18 14:01 . 2015-01-18 14:01    --------    d-----w-    c:\users\User\AppData\Roaming\Planet Imagina
2015-01-18 13:29 . 2015-01-18 13:32    --------    d-----w-    c:\program files\GIMP 2
2015-01-17 18:57 . 2015-01-17 18:57    --------    d-----w-    c:\users\User\AppData\Roaming\FastStone
2015-01-17 18:56 . 2015-01-17 18:56    --------    d-----w-    c:\program files\FastStone Image Viewer
2015-01-14 10:09 . 2014-12-12 05:11    3971512    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-01-14 10:09 . 2014-12-12 05:11    3916728    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-01-14 10:08 . 2014-12-11 17:47    74240    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2015-01-14 10:08 . 2014-12-19 02:43    164864    ----a-w-    c:\windows\system32\profsvc.dll
2015-01-14 10:08 . 2014-12-06 03:50    242688    ----a-w-    c:\windows\system32\nlasvc.dll
2015-01-14 10:08 . 2014-12-19 01:34    116224    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2015-01-12 23:55 . 2015-01-12 23:55    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-12 23:55 . 2015-01-12 23:55    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-12 23:55 . 2015-01-12 23:55    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-12 23:55 . 2015-01-12 23:55    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-12 23:55 . 2015-01-12 23:55    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-10 16:21 . 2013-11-10 14:09    13464    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2015-02-09 03:08 . 2014-07-16 07:25    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 19:20 . 2012-07-14 22:55    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-02-05 19:20 . 2012-07-14 22:23    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 16:10 . 2014-10-16 15:52    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-01-06 03:36 . 2010-10-29 00:05    249488    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 03:33 . 2014-12-18 16:06    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-04 04:38 . 2014-12-10 14:29    337920    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-10 14:29    610304    ----a-w-    c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-10 14:29    315392    ----a-w-    c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-10 14:29    728576    ----a-w-    c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-10 14:29    159744    ----a-w-    c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-10 14:29    202752    ----a-w-    c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-10 14:29    873984    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 14:29    1160872    ----a-w-    c:\windows\system32\aitstatic.exe
2014-11-22 02:20 . 2014-12-10 14:28    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-10 14:29    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-10 14:29    501248    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-10 14:28    62464    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-10 14:29    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 14:29    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-10 14:29    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-10 14:29    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-10 14:29    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-10 14:29    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 14:28    4299264    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-10 14:28    2052096    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 14:29    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-10 14:29    1888256    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 00:40 . 2012-11-25 00:36    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-21 20:32 . 2013-05-05 00:38    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-11-21 05:14 . 2014-07-16 07:25    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-07-16 07:25    75480    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2012-04-10 18:34    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-19 22:57 . 2014-09-26 12:53    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-11-19 21:53 . 2014-11-15 20:33    21840    ----atw-    c:\windows\system32\SIntfNT.dll
2014-11-19 21:53 . 2014-11-15 20:33    17212    ----atw-    c:\windows\system32\SIntf32.dll
2014-11-19 21:53 . 2014-11-15 20:33    12067    ----atw-    c:\windows\system32\SIntf16.dll
2014-11-19 03:31 . 2014-11-19 03:31    1217192    ----a-w-    c:\windows\system32\FM20.DLL
2014-11-18 14:07 . 2013-05-05 00:38    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-11-18 14:07 . 2013-05-05 00:27    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-11-18 14:07 . 2013-05-05 00:27    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-11-14 16:40 . 2014-09-29 15:51    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 13:08    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-29 4826904]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-18 1676344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30878816]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-12-21 110160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2014-10-26 508744]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2014-10-02 421888]
"RtkOSD"="c:\program files\Realtek\Audio\OSD\RtVOsd.exe" [2010-02-05 907264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2015-02-03 21720]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
Stay On Top.lnk - c:\windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe [2014-3-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amazon Music]
2014-10-15 05:35    6281024    ----a-w-    c:\users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-02-07 00:02    170496    ----a-w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27    89184    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2014-11-17 08:11    448856    ----a-w-    c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26    1861968    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2012-11-27 22:47    1591808    ----a-w-    c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-04-23 04:48    1561968    ----a-w-    c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-04-23 04:48    311152    ----a-w-    c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 23:44    3883856    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57    153136    ----a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 13:23    421888    ----a-w-    c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Screen Highlighter]
2013-12-20 19:18    643072    ----a-w-    c:\program files\Screen Highlighter\shl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 12:03    30878816    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-12-18 16:13    6737976    ----a-w-    c:\users\User\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-12-18 16:13    1676344    ----a-w-    c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-01 71944]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2014-05-16 430344]
R2 SetupARService;SetupARService;c:\program files\Realtek\Audio\SetupAfterRebootService.exe [2014-07-26 24576]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 ArcService;Arc Service;c:\program files\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 83864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-03-07 15896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-23 14848]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 182680]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2015-02-10 13464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-24 1343400]
R4 apf003;apf003;c:\windows\system32\apf003.sys [2013-12-04 13232]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 15672]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-01 414520]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2014-05-17 39624]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-22 142648]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2010-02-05 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 172032]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-01 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-01 67824]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-11-04 1228504]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-11-04 660184]
S2 SPDFCreatorReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [2011-10-03 180552]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-05-31 209016]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-07-20 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-07-20 25088]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-11-04 16024]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 197736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2014-05-17 37064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - CPUZ138
*NewlyCreated* - GIVEIO
*NewlyCreated* - SPEEDFAN
*Deregistered* - aswMBR
*Deregistered* - cpuz138
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-05 21:39    1086280    ----a-w-    c:\program files\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 19:20]
.
2015-02-10 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 11:49]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = about:blank
IE: &Save the YouTube video as MP3 - c:\users\User\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.yahoo.com/
FF - prefs.js: network.proxy.type - 4
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\User\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-Aeria Ignite - c:\program files\Aeria Games\Ignite\aeriaignite.exe
MSConfigStartUp-GameXN GO - c:\programdata\gamexn\gamexngo.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2B9F5787-88A5-4945-90E7-C4B18563BC5E}"=hex:51,66,7a,6c,4c,1d,38,12,e9,54,8c,
   2f,97,c6,2b,0c,ef,f1,87,f1,80,3d,f8,4a
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D0984FD4-FA9A-46EE-9072-70B0735FF852}"=hex:51,66,7a,6c,4c,1d,38,12,ba,4c,8b,
   d4,a8,b4,80,03,ef,64,33,f0,76,01,bc,46
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=hex:51,66,7a,6c,4c,1d,38,12,f2,0d,f8,
   07,a3,34,ef,06,dd,36,d8,12,b3,1f,89,a5
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d4,bc,ca,53,e6,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,90,80,8c,07,d4,80,43,a6,35,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,09,0e,18,2d,a9,8c,4b,a7,56,c8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,90,80,8c,07,d4,80,43,a6,35,52,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-10  21:06:30
ComboFix-quarantined-files.txt  2015-02-10 20:06
.
Pre-Run: 139,533,938,688 bytes free
Post-Run: 140,877,586,432 bytes free
.
- - End Of File - - 95778D875675EB06F3A156ED5598E916
A36C5E4F47E84449FF07ED3517B43A31
 


  • 0

#28
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I can't get the txt file for TDSSKiller, one can get a log but it won't let you copy or save it, anyway I'll check back tomorrow with the boot- time scan.

Have a good night, and thank you very much xx


  • 0

#29
janji

janji

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 210 posts

I've let the boot- time scan run but I think it shut down by itself, in the morning windows asked me to do system recovery, I did and computer started ok again, then tried to do boot- time scan again and it shut down by itself because system overheated. I"ve just noticed overheating since about last week when my browser kept on crashing when I went to certain FB profiles which might have been my ex- bf's ( he uses false ids on various sites) and when my internet conequently got cut off ( I then used my neighbours internet connection which was fine). I use FB Phishing Protector.  https://addons.mozil...hing-protector/


Edited by janji, 11 February 2015 - 10:04 AM.

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Guess we had better wait until the temp is resolved for any more scans.

 

How do you connect to the internet?  If you have your own router it occurs to me the BF could have messed with the router to send all traffic to his proxy.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP