Run dll message at start up


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,417

mountainlion

Thread Starter
Joined
Jan 9, 2007
Messages
151
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by SURFTHEWEB at 9:45:26 on 2012-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6322 [GMT 0:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Enabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dataplex\nveloSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Dataplex\CacheFilter\NveloApp.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\SURFTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\runctf.lnk - C:\Windows\System32\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{747EC4D5-378D-4AD1-84D1-02AE94062AEB} : DHCPNameServer = 192.168.0.1
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [nveloApp] C:\Program Files\Dataplex\CacheFilter\nveloApp.exe
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
============= SERVICES / DRIVERS ===============
.
R0 nvelodiskfltr;NVCache Policy Driver;C:\Windows\System32\drivers\nvelodiskfltr.sys [2012-8-29 231024]
R0 nveloportfltr;NVELO Port Filter Driver;C:\Windows\System32\drivers\nveloportfltr.sys [2012-8-29 24176]
R1 SbFw;SbFw;C:\Windows\System32\drivers\SbFw.sys [2012-11-6 256632]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-7-8 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-3-12 190120]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-5-14 138752]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;C:\Windows\SysWOW64\nlssrv32.exe [2011-9-22 66560]
R2 nveloSvc;NVELO Dataplex Service;system32\Dataplex\nveloSvc.exe --> system32\Dataplex\nveloSvc.exe [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2012-9-1 8786848]
R2 TouchServiceWacom;Wacom Professional Touch Service;C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [2012-9-1 565152]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2012-9-1 13728]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-5-14 26048]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-5-14 26048]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-5-14 44992]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-3 789824]
R3 RRNetCapMP;RRNetCapMP;C:\Windows\System32\drivers\rrnetcap.sys [2012-7-19 37480]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-6 119416]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2011-12-19 84600]
R3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
R3 TotRec8;Total Recorder WDM audio filter driver;C:\Windows\System32\drivers\TotRec8.sys [2012-9-4 122640]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2012-9-1 68512]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2012-9-1 15736]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-8-28 34752]
S0 nvelofsfltr;nvelofsfltr;C:\Windows\System32\drivers\nvelofsfltr.sys [2012-5-11 110704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 RRNetCap;RRNetCap Service;C:\Windows\System32\drivers\rrnetcap.sys [2012-7-19 37480]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-11-6 119416]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-7-8 60536]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-8-30 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736]
.
=============== File Associations ===============
.
.chm: <filetype is not registered>
.
=============== Created Last 30 ================
.
2012-12-23 10:09:00 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2012-12-22 13:04:46 -------- d-----w- C:\Windows\SysWow64\NV
2012-12-22 13:04:46 -------- d-----w- C:\Windows\System32\NV
2012-12-22 11:31:55 -------- d-----w- C:\Windows\pss
2012-12-21 06:44:16 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 06:44:16 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 06:44:16 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 06:44:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 15:22:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 15:22:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 15:22:05 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 15:22:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-12 15:22:00 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-12-09 21:51:46 -------- d-----w- C:\Users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2012-12-09 21:30:08 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4
2012-11-30 22:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-12-26 09:42:30 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2012-12-12 15:21:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:21:17 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-04 20:34:03 100 ----a-w- C:\Windows\SysWow64\prsgrc.dll
2012-12-01 05:49:26 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-21 15:45:51 72 ----a-w- C:\Windows\SysWow64\ssprs.dll
2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\wau1wuz.dll
2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\grcauth2.dll
2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\grcauth1.dll
2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\clauth2.dll
2012-11-21 15:45:51 1024 ----a-w- C:\Windows\SysWow64\clauth1.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-25 03:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 9:45:37.32 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/08/2012 22:12:00
System Uptime: 26/12/2012 09:42:24 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH Z77
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 854.386 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0
Manufacturer:
Name:
PNP Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0
Service:
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Virtual Keyboard Driver
Device ID: ROOT\HIDCLASS\0001
Manufacturer: Wacom
Name: Virtual Keyboard Driver
PNP Device ID: ROOT\HIDCLASS\0001
Service: WacomVKHid
.
==== System Restore Points ===================
.
RP63: 21/12/2012 06:44:13 - Windows Update
RP64: 22/12/2012 13:03:46 - Device Driver Package Install: NVIDIA Display adapters
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Audials
Camtasia Studio 6
CINEMA 4D 11.514
CPUID CPU-Z 1.61.3
Dataplex
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Network Connections 17.1.55.0
Intel(R) Smart Connect Technology 2.1 x64
Java 7 Update 9
Java Auto Updater
JustCloud
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 15.0 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA 3D Vision Driver 310.70
NVIDIA Control Panel 310.70
NVIDIA Graphics Driver 310.70
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PDF Settings CS5
Privacy Eraser Pro
QuickTime
RealFlow 2012
RealFlow Plug-in for Cinema4D
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Topaz Adjust 4
Topaz Adjust 4 (64-bit)
Topaz Clean 3
Topaz Clean 3 (64-bit)
Topaz DeNoise 5
Topaz DeNoise 5 (64-bit)
Topaz Detail 2
Topaz Detail 2 (64-bit)
Topaz Fusion Express 2
Topaz Fusion Express 2 (64-bit)
Topaz InFocus
Topaz InFocus (64-bit)
Topaz Lens Effects
Topaz Lens Effects (64-bit)
Topaz ReMask 3
Topaz ReMask 3 (64-bit)
Total Recorder 8.3 Professional Edition
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Vertus Fluid Mask 3 3.0.10
Wacom Tablet
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
WebTablet IE Plugin
WebTablet Netscape Plugin
WinRAR archiver
Xilisoft Video Converter Ultimate
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
26/12/2012 09:42:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvelofsfltr
23/12/2012 09:17:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2012 09:16:52, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
23/12/2012 09:16:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/12/2012 09:16:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/12/2012 09:16:38, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/12/2012 09:16:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/12/2012 09:16:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache nvelofsfltr spldr Wanarpv6
23/12/2012 09:16:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
22/12/2012 11:12:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:12:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/12/2012 11:12:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
22/12/2012 11:11:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy nvelofsfltr Psched rdbss SbFw spldr tdx Wanarpv6 WfpLwf
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
22/12/2012 11:11:52, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
 

kevinf80

Kevin
Malware Specialist
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin
 

mountainlion

Thread Starter
ComboFix 12-12-25.02 - SURFTHEWEB 26/12/2012 12:40:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6102 [GMT 0:00]
Running from: c:\users\SURFTHEWEB\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\SURFTHEWEB\2f9915e513e648da322f0fcdb04d4705.jpg
c:\users\SURFTHEWEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\windows\SysWow64\prsgrc.dll
c:\windows\SysWow64\ssprs.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 12:42 . 2012-12-26 12:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-26 12:42 . 2012-12-26 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 10:09 . 2012-12-26 09:42 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2012-12-22 13:05 . 2012-12-22 13:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-22 13:04 . 2012-12-22 13:04 -------- d-----w- c:\windows\SysWow64\NV
2012-12-22 13:04 . 2012-12-22 13:04 -------- d-----w- c:\windows\system32\NV
2012-12-22 11:08 . 2012-12-22 11:08 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 06:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:44 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 06:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 15:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 15:22 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 15:22 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 15:22 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 15:22 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 15:22 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-12-09 21:51 . 2012-12-09 21:51 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2012-12-09 21:30 . 2012-12-09 21:30 -------- d-----w- c:\program files (x86)\Zinio Reader 4
2012-12-09 21:29 . 2012-12-21 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-11-30 22:43 . 2012-11-30 22:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 09:42 . 2012-08-28 21:30 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-12-12 22:29 . 2012-08-29 05:19 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 15:21 . 2012-08-28 21:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:21 . 2012-08-28 21:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-03 15:47 . 2012-10-10 21:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-10 21:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-10 21:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-10 21:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-10 21:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-10-10 21:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-10-10 21:22 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-08-28 21:26 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-01 05:49 . 2012-11-18 12:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-08-28 21:26 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-08-28 21:26 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-08-28 21:26 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-08-28 21:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-08-28 21:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-08-28 21:26 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 06:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 06:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 06:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 06:17 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 06:17 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 15:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 06:17 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 06:17 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 06:17 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 06:17 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 06:17 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 06:17 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 06:17 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 06:17 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 06:17 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 06:17 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 06:17 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-5-14 80384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R0 nvelofsfltr;nvelofsfltr;c:\windows\system32\DRIVERS\nvelofsfltr.sys [2012-05-11 110704]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
S0 nvelodiskfltr;NVCache Policy Driver;c:\windows\system32\DRIVERS\nvelodiskfltr.sys [2012-05-11 231024]
S0 nveloportfltr;NVELO Port Filter Driver;c:\windows\system32\DRIVERS\nveloportfltr.sys [2012-05-11 24176]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-05-14 138752]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 nveloSvc;NVELO Dataplex Service;c:\windows\system32\Dataplex\nveloSvc.exe [2012-05-11 33392]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-08-02 8786848]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-08-02 565152]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-06-21 13728]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-05-14 26048]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-05-14 26048]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-05-14 44992]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 t_mouse.sys;iBall Advanced Mouse;c:\windows\system32\DRIVERS\t_mouse.sys [2009-04-16 25088]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-08-13 122640]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-06-21 68512]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-22 15736]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-12-26 34752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 15:21]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-25 6548112]
"nveloApp"="c:\program files\Dataplex\CacheFilter\nveloApp.exe" [2012-05-11 117360]
"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mediafire.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11} - c:\programdata\{63B3AF69-722B-4FA9-965F-94DEB1E78796}\simplify3_setup_ext.exe
AddRemove-{DC8F0C18-E6B0-4722-A4AB-D134473091C2} - c:\programdata\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-26 12:43:34
ComboFix-quarantined-files.txt 2012-12-26 12:43
.
Pre-Run: 917,109,272,576 bytes free
Post-Run: 917,685,391,360 bytes free
.
- - End Of File - - 0198CC0DEE292598AE7A1852CCF2EAD9
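The ComboFix log above lists the same things a responder triages by hand: new files in user-writable paths (c:\programdata\dsgsdgdsgdsgw.js sits next to a .pad file ComboFix removed), the Run-key autoruns, the AppInit_DLLs load point, and the UAC policy values, where EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, meaning UAC is effectively switched off on this machine. As an added example, not from the thread and not ComboFix's own code, the Python script below parses a constructed excerpt in the same format and reports those items. The "Updater" Run entry in the sample and the list of user-writable path fragments are assumptions made for the demonstration; the UAC value meanings are the documented Windows semantics.

```python
"""Triage of a ComboFix-style log excerpt.

Added example for this thread; it is not ComboFix's code and does not reproduce
ComboFix's own detection logic. It parses the two sections the thread's log shows
("Files Created" and "Reg Loading Points") and flags items a responder usually
wants to look at: UAC policy values set to 0, Run-key images and new files in
user-writable locations, and any AppInit_DLLs load point.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample in the shape of the thread's ComboFix log; the "Updater"
# Run entry and its path are made up for the demonstration.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
2012-12-22 11:08 . 2012-12-22 11:08 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 06:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-26 12:42 . 2012-12-26 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
"Updater"="c:\users\someone\AppData\Roaming\updater.exe" [2012-12-20 12345]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
"""

# "<created> . <modified> <size|--------> <attrs> <path>" as ComboFix prints it.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$"
)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
NUM_RE = re.compile(r"^(\d+)")

# Locations a standard user can write to (assumed list); new files or autoruns here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# UAC policy values whose zero setting weakens elevation control (documented Windows semantics).
UAC_WEAK = {
    "EnableLUA": "UAC is disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
}


def user_writable(path: str) -> bool:
    p = path.lower()
    return any(tok in p for tok in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # Directories (attrs start with 'd') are skipped: ComboFix itself creates temp dirs.
            if not attrs.startswith("d") and user_writable(path):
                findings.append(("new-file-user-writable", path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if current_key.endswith("policies\\system") and name in UAC_WEAK:
            n = NUM_RE.match(value)
            if n and int(n.group(1)) == 0:
                findings.append(("uac-weakened", f"{name}=0: {UAC_WEAK[name]}"))
        elif current_key.endswith("\\run"):
            # Value looks like "<image path>" [<date> <size>]; take the quoted image path.
            image = value.split('"')[1] if value.startswith('"') else value
            if user_writable(image):
                findings.append(("run-key-user-writable", f"{name} -> {image}"))
        elif name.lower() == "appinit_dlls" and value:
            # With LoadAppInit_DLLs=1, every DLL listed here is loaded into each process
            # that links user32.dll, so the path is always worth verifying.
            findings.append(("appinit-dll", value))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

The script only points at entries to verify; a path under ProgramData or AppData is not proof of anything (the thread's nvinit.dll belongs to the NVIDIA driver), but combined with the three UAC values at 0 it tells the responder to confirm the remaining autoruns and to get UAC re-enabled once the cleanup is done.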
 

kevinf80

Kevin
Malware Specialist
OK, continue as follows:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed.
    Click Start
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.
When the scan is complete:

If no threats were found

  • Put a checkmark in "Uninstall application on close".
  • Close the program.
  • Report to me that nothing was found.

If threats were found

  • Click on "list of threats found".
  • Click on "export to text file" and save it as ESET SCAN to the desktop.
  • Click on Back.
  • Put a checkmark in "Uninstall application on close".
  • Click on Finish.
  • Close the program.
  • Copy and paste the report here.

Post those two logs, let me know if you have any remaining issues or concerns...

Kevin..
 

mountainlion

Thread Starter
This is the file from AdwCleaner below.
# AdwCleaner v2.103 - Logfile created 12/26/2012 at 20:33:34
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : SURFTHEWEB - SURFTHEWEB-PC
# Boot Mode : Normal
# Running from : C:\Users\SURFTHEWEB\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-GB)

File : C:\Users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\SURFTHEWEB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1080 octets] - [26/12/2012 20:33:34]

########## EOF - C:\AdwCleaner[S1].txt - [1140 octets] ##########

I ran the ESET scan but no threat was found. I was quite sure myself I didn't have any more viruses, as I got rid of it as mentioned in my original first post.
Anyway, I was looking at some other posts and it was stated that TFC is an excellent program to have and run weekly, so I downloaded it and ran it, and when my PC rebooted I didn't get the run dll error msg anymore, though I now get this one below.
http://i1357.photobucket.com/albums/q758/Cold-Cut/asusscreen_zpsfb1d78fa.png
It's not that important and I have no viruses, but it would be nice if I could get rid of it. Thank you.
 

kevinf80

Kevin
Malware Specialist
Run Combofix one more time as follows:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
ClearJavaCache::
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

mountainlion

Thread Starter
OK Kevin, here it is below.

ComboFix 12-12-25.02 - SURFTHEWEB 26/12/2012 22:19:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8069.6435 [GMT 0:00]
Running from: c:\users\SURFTHEWEB\Downloads\ComboFix.exe
Command switches used :: c:\users\SURFTHEWEB\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-26 22:20 . 2012-12-26 22:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 21:02 . 2012-12-26 21:05 4648880 ----a-w- c:\windows\PE_Rom.dll
2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS OC Profiles
2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS PowerControl Profiles
2012-12-26 21:01 . 2012-12-26 21:01 -------- d-----w- c:\program files\ASUS
2012-12-26 20:59 . 2012-08-25 14:01 32400 ----a-r- c:\windows\system32\drivers\ndisrd.sys
2012-12-26 20:58 . 2012-03-22 16:10 14848 ----a-w- c:\windows\SysWow64\drivers\AiCharger.sys
2012-12-26 20:58 . 2008-12-02 20:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2012-12-26 20:57 . 2012-12-26 20:57 -------- d-----w- c:\programdata\ASUS
2012-12-26 20:57 . 2012-12-26 21:00 -------- d-----w- c:\program files (x86)\ASUS
2012-12-26 20:57 . 2012-08-25 14:01 28672 ----a-r- c:\windows\SysWow64\AsIO.dll
2012-12-26 20:57 . 2012-08-25 14:01 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
2012-12-26 20:56 . 2012-12-26 20:56 -------- d-----w- c:\windows\SysWow64\drivers\MFDLL
2012-12-26 20:56 . 2012-08-25 14:01 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2012-12-26 15:18 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-26 15:18 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-26 15:18 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-26 15:18 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-26 15:18 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-26 15:18 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-26 15:18 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-26 15:18 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-26 15:18 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-26 14:40 . 2012-05-20 23:24 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2012-12-26 12:52 . 2012-12-26 12:52 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-12-26 12:52 . 2012-12-26 12:52 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-12-23 10:09 . 2012-12-26 21:15 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2012-12-22 13:05 . 2012-12-22 13:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-22 13:04 . 2012-12-26 15:22 -------- d-----w- c:\windows\SysWow64\NV
2012-12-22 13:04 . 2012-12-26 15:22 -------- d-----w- c:\windows\system32\NV
2012-12-22 11:08 . 2012-12-22 11:08 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 06:44 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 06:44 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 06:44 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 06:44 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 08:42 . 2012-12-19 08:42 6144 ----a-w- c:\windows\system32\drivers\t_mouse.sys
2012-12-12 15:22 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 15:22 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 15:22 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 15:22 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-12 15:22 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 15:22 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-12-09 21:51 . 2012-12-09 21:51 -------- d-----w- c:\users\SURFTHEWEB\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
2012-12-09 21:30 . 2012-12-09 21:30 -------- d-----w- c:\program files (x86)\Zinio Reader 4
2012-12-09 21:29 . 2012-12-21 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-11-30 22:43 . 2012-11-30 22:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 21:15 . 2012-08-28 21:30 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-12-12 22:29 . 2012-08-29 05:19 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 15:21 . 2012-08-28 21:38 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:21 . 2012-08-28 21:38 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-03 15:47 . 2012-10-10 21:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-03 15:47 . 2012-10-10 21:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2012-10-10 21:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-03 15:47 . 2012-10-10 21:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2012-10-10 21:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2012-10-10 21:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2012-10-10 21:22 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2012-08-28 21:26 1805672 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-01 05:49 . 2012-11-18 12:00 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-01 05:49 . 2012-08-28 21:26 3663213 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-01 05:49 . 2012-08-28 21:26 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2012-08-28 21:26 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2012-08-28 21:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2012-08-28 21:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2012-08-28 21:26 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 06:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-10 02:22 . 2012-10-10 02:22 80384 ----a-w- c:\windows\system32\igdde64.dll
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 21818368 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 216064 ----a-w- c:\windows\system32\iglhcp64.dll
2012-10-10 02:22 . 2012-10-10 02:22 180224 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-10-10 02:22 . 2012-10-10 02:22 5903392 ----a-w- c:\windows\system32\GfxUI.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3776512 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 02:22 . 2012-10-10 02:22 27438080 ----a-w- c:\windows\system32\igdfcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 64512 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-10-10 02:22 . 2012-10-10 02:22 501760 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-10-10 02:22 . 2012-10-10 02:22 431104 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-10-10 02:22 . 2012-10-10 02:22 27664896 ----a-w- c:\windows\system32\igdrcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 12836864 ----a-w- c:\windows\system32\igd10umd64.dll
2012-10-10 02:22 . 2012-03-19 21:17 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-10-10 02:22 . 2012-10-10 02:22 598780 ----a-w- c:\windows\system32\igvpkrng700.bin
2012-10-10 02:22 . 2012-10-10 02:22 330240 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-10-10 02:22 . 2012-10-10 02:22 12604416 ----a-w- c:\windows\system32\igdumd64.dll
2012-10-10 02:22 . 2012-10-10 02:22 56832 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2012-10-10 02:22 . 2012-10-10 02:22 441888 ----a-w- c:\windows\system32\igfxpers.exe
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-10-10 02:22 . 2012-10-10 02:22 3582976 ----a-w- c:\windows\system32\igdbcl64.dll
2012-10-10 02:22 . 2012-10-10 02:22 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-10-10 02:22 . 2012-03-19 21:09 56832 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-10-10 02:22 . 2012-10-10 02:22 5343584 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 02:22 . 2012-10-10 02:22 448512 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 441856 ----a-w- c:\windows\system32\igfxdev.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-10-10 02:22 . 2012-10-10 02:22 399392 ----a-w- c:\windows\system32\hkcmd.exe
2012-10-10 02:22 . 2012-10-10 02:22 241664 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-10-10 02:22 . 2012-10-10 02:22 195584 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-10-10 02:22 . 2012-10-10 02:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-10-10 02:22 . 2012-10-10 02:22 116224 ----a-w- c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 02:22 . 2012-03-19 21:17 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-10-10 02:22 . 2012-10-10 02:22 604160 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 02:22 . 2012-10-10 02:22 4571136 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-10-10 02:22 . 2012-10-10 02:22 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-10-10 02:22 . 2012-10-10 02:22 2899968 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 277024 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 185376 ----a-w- c:\windows\system32\difx64.exe
2012-10-10 02:22 . 2012-10-10 02:22 173568 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-10-10 02:22 . 2012-10-10 02:22 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-10-10 02:22 . 2012-10-10 02:22 171040 ----a-w- c:\windows\system32\igfxtray.exe
2012-10-10 02:22 . 2012-10-10 02:22 11158528 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 56320 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-10-10 02:22 . 2012-10-10 02:22 509984 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-10-10 02:22 . 2012-10-10 02:22 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-10-10 02:22 . 2012-10-10 02:22 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-10-10 02:22 . 2012-10-10 02:22 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-10-10 02:22 . 2012-10-10 02:22 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-10-10 02:22 . 2012-10-10 02:22 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-10-10 02:22 . 2012-10-10 02:22 27643904 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2012-10-10 02:22 . 2012-10-10 02:22 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-10-10 02:22 . 2012-03-19 21:09 56320 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-10 02:22 . 2012-10-10 02:22 8579584 ----a-w- c:\windows\SysWow64\ig7icd32.dll
2012-10-10 02:22 . 2012-10-10 02:22 482304 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2012-10-10 02:22 . 2012-10-10 02:22 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-10-10 02:22 . 2012-10-10 02:22 11595776 ----a-w- c:\windows\system32\ig7icd64.dll
2012-10-10 02:22 . 2012-10-10 02:22 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-10-10 02:22 . 2012-10-10 02:22 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-10-10 02:22 . 2012-10-10 02:22 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-10-10 02:22 . 2012-10-10 02:22 28672 ----a-w- c:\windows\system32\igfxexps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-5-14 80384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R0 nvelofsfltr;nvelofsfltr;c:\windows\system32\DRIVERS\nvelofsfltr.sys [2012-05-11 110704]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S0 nvelodiskfltr;NVCache Policy Driver;c:\windows\system32\DRIVERS\nvelodiskfltr.sys [2012-05-11 231024]
S0 nveloportfltr;NVELO Port Filter Driver;c:\windows\system32\DRIVERS\nveloportfltr.sys [2012-05-11 24176]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-08-25 920736]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-08-25 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-08-25 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.28\AsusFanControlService.exe [2012-08-25 1492912]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-03-12 190120]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-05-14 138752]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 nveloSvc;NVELO Dataplex Service;c:\windows\system32\Dataplex\nveloSvc.exe [2012-05-11 33392]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-08-02 8786848]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-08-02 565152]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-06-21 13728]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-08-25 26136]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-05-14 26048]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-05-14 26048]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-05-14 44992]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2012-07-19 37480]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2012-08-13 122640]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-06-21 68512]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-22 15736]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-12-26 34752]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-22 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 15:21]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 19:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-08-25 6548112]
"nveloApp"="c:\program files\Dataplex\CacheFilter\nveloApp.exe" [2012-05-11 117360]
"MouseDriver"="TiltWheelMouse.exe" [2010-11-01 241152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-09-03 444856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: mediafire.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\
FF - ExtSQL: 2012-11-12 20:22; {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}; c:\users\SURFTHEWEB\AppData\Roaming\Mozilla\Firefox\Profiles\8g1unkdf.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11} - c:\programdata\{63B3AF69-722B-4FA9-965F-94DEB1E78796}\simplify3_setup_ext.exe
AddRemove-{DC8F0C18-E6B0-4722-A4AB-D134473091C2} - c:\programdata\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-26 22:21:37
ComboFix-quarantined-files.txt 2012-12-26 22:21
ComboFix2.txt 2012-12-26 22:17
.
Pre-Run: 912,385,757,184 bytes free
Post-Run: 912,324,587,520 bytes free
.
- - End Of File - - A6875F29A96DDDA01AEFC73D1C6BA1F9
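
The "Reg Loading Points" section of the log above is worth reading for more than the unknown DLL. EnableLUA=0 together with ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 means UAC is switched off completely on this machine, and AppInit_DLLs is populated in both the 32-bit and the 64-bit hive (nvinit.dll / nvinitx.dll here, which are NVIDIA's, but the mechanism itself is a classic injection point that every process loading user32.dll will honour). The Python script below is an added example, not part of the original thread and not code from ComboFix: it parses those blocks in the layout ComboFix emits (the sample text is copied from the log above and labelled as such) and flags the settings a reviewer would want to verify. The registry key paths, the severity labels and the assumed clean BootExecute value are the script's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the policies\system, AppInit_DLLs and BootExecute blocks
# in the layout ComboFix uses, with the values copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ chkvdisk\0autocheck autochk *\0lsdelete
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"= value, optionally followed by ComboFix's hex echo "(0x..)"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*?)(?:\s+\(0x[0-9A-Fa-f]+\))?$')
MULTI_RE = re.compile(r"^(?P<name>\w+)\s+REG_MULTI_SZ\s+(?P<val>.*)$")

# Assumed key paths, lower-cased because ComboFix mixes HKLM\software and HKLM\SOFTWARE.
POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEYS = {
    "64-bit": r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
    "32-bit": r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows",
}
SESSION_KEY = r"hkey_local_machine\system\currentcontrolset\control\session manager"
BOOTEXEC_DEFAULT = "autocheck autochk *"   # assumed clean-install value

Finding = Tuple[str, str]   # (severity, message)


def parse_reg_points(text: str) -> Dict[str, Dict[str, str]]:
    """Group each value line under the [key] header that precedes it."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone "."
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line) or MULTI_RE.match(line)
        if m:
            keys[current][m.group("name")] = m.group("val").strip()
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag the settings in these blocks that weaken the machine or add a load point."""
    findings: List[Finding] = []
    pol = keys.get(POLICY_KEY, {})
    if pol.get("EnableLUA") == "0":
        findings.append(("high", "EnableLUA=0: UAC is off, every admin process runs fully elevated"))
    if pol.get("ConsentPromptBehaviorAdmin") == "0":
        findings.append(("high", "ConsentPromptBehaviorAdmin=0: elevation without any prompt"))
    if pol.get("PromptOnSecureDesktop") == "0":
        findings.append(("medium", "PromptOnSecureDesktop=0: any prompt shown can be spoofed on the user desktop"))
    for arch, key in APPINIT_KEYS.items():
        vals = keys.get(key, {})
        dlls = [d for d in re.split(r"[,\s]+", vals.get("AppInit_DLLs", "")) if d]
        if dlls:
            # ComboFix omits "legit default entries", so a missing LoadAppInit_DLLs is unknown, not off.
            loaded = vals.get("LoadAppInit_DLLs", "not shown")
            findings.append(("medium", f"AppInit_DLLs ({arch}) = {', '.join(dlls)} "
                                       f"[LoadAppInit_DLLs={loaded}]; verify the publisher signature"))
    boot = keys.get(SESSION_KEY, {}).get("BootExecute", "")
    extras = [e for e in boot.split(r"\0") if e and e != BOOTEXEC_DEFAULT]
    if extras:
        findings.append(("low", "non-default BootExecute entries: " + ", ".join(extras)))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_reg_points(SAMPLE_LOG)):
        print(f"[{severity:6}] {message}")
```

Run it as-is and it reports two high findings (UAC fully disabled), the two AppInit DLLs with the architecture they apply to, and the two non-default BootExecute entries (chkvdisk and lsdelete, the latter being Ad-Aware's boot-time deletion helper); point it at a different log by passing that text to parse_reg_points() instead of SAMPLE_LOG.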
 

kevinf80

Kevin
Malware Specialist
Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Browse... button
  • Navigate to the file c:\windows\PE_Rom.dll or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
 

mountainlion

Thread Starter
I clicked on additional info, is that what you wanted?

VirusTotal
SHA256: c079ac756702aeb088663bf72b1461fbf8bad3dffb28496580cdc7c0545a6deb
File name: PE_Rom.dll
Detection ratio: 0 / 46
Analysis date: 2012-12-26 22:35:30 UTC ( 0 minutes ago )

ssdeep
49152:tC7MMZpmdzZ+sLxw2ayVCXlR7TUv9IuV/FJ7Tcv9IuVWUTUQ:0YMZpiZBLKROCXlR7WV/FJ7OVWKF
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
F-Prot packer identifier
UPX
ExifTool

MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
MachineType..............: Intel 386 or later, and compatibles
TimeStamp................: 0000:00:00 00:00:00
FileType.................: Win32 DLL
PEType...................: PE32
CodeSize.................: 4096
LinkerVersion............: 9.0
EntryPoint...............: 0x7d40
InitializedDataSize......: 4096
SubsystemVersion.........: 5.0
ImageVersion.............: 0.0
OSVersion................: 5.0
UninitializedDataSize....: 24576

Portable Executable structural information

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00007D40

PE Sections...................:

Name  Virtual Address  Virtual Size  Raw Size  Entropy  MD5
UPX0  4096             24576         0         0.00     d41d8cd98f00b204e9800998ecf8427e
UPX1  28672            4096          4096      7.50     f71600cd694e45107e54b35e07e7f0cd
UPX2  32768            4096          1024      3.93     8a9fa88c48fffd29fcdbb95502603777

PE Imports....................:

[[KERNEL32.DLL]]
VirtualProtect, VirtualFree, LoadLibraryA, VirtualAlloc, GetProcAddress

[[ASIO.dll]]
GetPortVal


PE Exports....................:

ASEX_Model_String, ASEX_block_count, ASEX_boot_block_version, ASEX_caller_id, ASEX_check_bios_image, ASEX_customer, ASEX_date, ASEX_flash_size, ASEX_get_bios_image, ASEX_hardware_compatible_version, ASEX_logo, ASEX_major_version, ASEX_mb, ASEX_message, ASEX_minor_version, ASEX_product, ASEX_systemflag, ASEX_update_bios_firmware

ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.
First seen by VirusTotal
2012-12-26 22:35:30 UTC ( 2 minutes ago )
Last seen by VirusTotal
2012-12-26 22:35:30 UTC ( 2 minutes ago )
File names (max. 25)

PE_Rom.dll
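
Kevin's request above is a hash lookup (VirusTotal and Jotti key their reports on the MD5/SHA1/SHA256 of the submitted file), and the VirusTotal output shows why the file trips ClamAV's PUA heuristic without any engine calling it malicious: three UPX sections, the first with no raw data but a 24576-byte virtual size (the unpack destination), the second at entropy 7.50, a five-function KERNEL32 import table typical of a packer stub, plus ASIO.dll!GetPortVal (raw port I/O, consistent with the exported ASEX_update_bios_firmware and the rest of a BIOS flashing helper). The Python below is an added example, not code from the thread, from VirusTotal or from ASUS: it computes the digests you would submit, walks the PE section table, scores each section's Shannon entropy and applies the same packer heuristics. The real PE_Rom.dll is not available here, so build_sample_pe() constructs a non-executable PE32 skeleton with the same section layout as the table above; it is a labelled stand-in, not the real file, and import-table parsing is left out.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, NamedTuple


class Section(NamedTuple):
    name: str
    vaddr: int
    vsize: int
    raw_size: int
    entropy: float
    md5: str


def file_hashes(data: bytes) -> Dict[str, str]:
    """The three digests VirusTotal and Jotti report, for a lookup before uploading anything."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> List[Section]:
    """Walk the section table; raw bytes are sliced by PointerToRawData / SizeOfRawData."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols,
    # SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize,
                                raw_size, shannon_entropy(raw), hashlib.md5(raw).hexdigest()))
    return sections


def packer_indicators(sections: List[Section]) -> List[str]:
    """Heuristics matching what the VirusTotal section table shows for a UPX-packed image."""
    reasons = []
    if any(s.name.startswith("UPX") for s in sections):
        reasons.append("UPX-named sections")
    if sections and sections[0].raw_size == 0 and sections[0].vsize > 0:
        reasons.append("first section has no raw data but a large virtual size (unpack destination)")
    if any(s.entropy > 7.0 for s in sections):
        reasons.append("a section with entropy above 7.0 (compressed or encrypted payload)")
    return reasons


def _pseudo_random(n: int, seed: bytes = b"upx1") -> bytes:
    """Deterministic high-entropy filler (chained SHA-256) so the sample builds identically every run."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def _section_header(name: bytes, vsize: int, vaddr: int, raw_size: int, raw_ptr: int, flags: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size, raw_ptr, 0, 0, 0, 0, flags)


def build_sample_pe() -> bytes:
    """Constructed stand-in, NOT the real PE_Rom.dll: a non-executable PE32 skeleton whose three
    sections mirror the VirusTotal table (UPX0 raw-empty, UPX1 high-entropy, UPX2 sparse)."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x2102)   # i386, 3 sections, DLL
    # PE32 magic, linker 9.0, SizeOfCode, SizeOfInitData, SizeOfUninitData, EntryPoint, BaseOfCode
    opt = struct.pack("<HBBIIIII", 0x10B, 9, 0, 0x1000, 0x1000, 0x6000, 0x7D40, 0x1000)
    opt += b"\0" * (opt_size - len(opt))
    headers = dos + b"PE\0\0" + coff + opt
    headers += _section_header(b"UPX0", 0x6000, 0x1000, 0, 0, 0xE0000080)
    headers += _section_header(b"UPX1", 0x1000, 0x7000, 0x1000, 0x200, 0xE0000040)
    headers += _section_header(b"UPX2", 0x1000, 0x8000, 0x400, 0x1200, 0xC0000040)
    headers += b"\0" * (0x200 - len(headers))
    upx2 = bytes(range(64)) + b"\0" * (0x400 - 64)          # sparse, low entropy
    return headers + _pseudo_random(0x1000) + upx2


if __name__ == "__main__":
    image = build_sample_pe()
    print(file_hashes(image))
    for s in parse_sections(image):
        print(f"{s.name:8} va={s.vaddr:<6} vsize={s.vsize:<6} raw={s.raw_size:<5} "
              f"entropy={s.entropy:.2f} md5={s.md5}")
    print("packer indicators:", packer_indicators(parse_sections(image)))
```

To run it on a real file, replace build_sample_pe() with the bytes read from disk. Note that the UPX0 MD5 in the VirusTotal table, d41d8cd98f00b204e9800998ecf8427e, is simply the MD5 of zero bytes, which is what the raw-empty first section of a UPX image hashes to; the parser reproduces that. Packing alone is not evidence of malice (the thread's conclusion that the file belongs to the ASUS BIOS tooling is consistent with its exports), but a packed, unsigned DLL dropped into c:\windows is exactly the kind of file worth hashing and looking up before trusting.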
 

kevinf80

Kevin
Malware Specialist
You can also upload it to Jotti for another check, unless you know what it is or what it belongs to:

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

c:\windows\PE_Rom.dll

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Do you still get the last alert you mention?
 

mountainlion

Thread Starter
Here is the additional info from Jotti's site below.
It said 1 out of 19 scanners reported malware.
File size: 4648880 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: e7752313899990fd92836478d2e592c4
SHA1: 3545463cd7cbeca842b0527027ad5487cdca8c38
Packer (Avast): UPX
Packer (Drweb): UPX
Packer (Kaspersky): UPX

Yes, I still get the alert. It's something to do with ASUS setup; it's no big deal. I think maybe in time it will go when my drivers/motherboard get updated etc., as there isn't anything else, though I have the latest drivers for both.
 

kevinf80

Kevin
Malware Specialist
Yes, I see the alert is related to ASUS; also the file I asked you to upload comes onto your system maybe at the same time. There are other ASUS entries that arrive together:

2012-12-26 21:02 . 2012-12-26 21:05 4648880 ----a-w- c:\windows\PE_Rom.dll
2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS OC Profiles
2012-12-26 21:02 . 2012-12-26 21:02 -------- d-----w- c:\programdata\ASUS PowerControl Profiles
2012-12-26 21:01 . 2012-12-26 21:01 -------- d-----w- c:\program files\ASUS


I agree with you: if this alert is related to ASUS it is maybe not malicious. The file uploaded is a packer; it may be OK if you know for sure it is also part of ASUS.

Do you have any other issues or problems that cause you concern, or are you happy to clean up and close out...
 

mountainlion

Thread Starter
Thanks Kevin for all your help. ASUS isn't malicious and in time it will go, or I'll just uninstall the drivers then reinstall. Thanks again for all your help Kevin, you know your stuff!!
 