Popups in Internet Explorer while using Firefox

By alben92 · 8 replies
Dec 18, 2010
  1. I made the stupid mistake of opening a suspect .exe file because I was desperate for a keygen. Anyway, when I ran the .exe file my Microsoft Forefront Client Security told me that it was a possible trojan, so I took action and removed it, then ran a full scan and found nothing, although popups started to appear from IE.

    I went to sleep for 6 hours or so and when I woke up I had about 100 popups from IE. The popups have stopped now, though, after I ran the 8-step Virus guide.

    I will post the logs in my next reply

    Thanks in advance
  2. alben92

    alben92 TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.50

    Database version: 5348

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2010-12-18 15:56:22
    mbam-log-2010-12-18 (15-56-17).txt

    Scan type: Quick Scan
    Objects scanned: 152074
    Time elapsed:6 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
  3. alben92

    alben92 TS Rookie Topic Starter

    GMER - http://www.gmer.net
    Rootkit quick scan 2010-12-18 16:09:47
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST912081 rev.3.AH
    Running: lp622k0t.exe; Driver: D:\Users\alst1701\AppData\Local\Temp\ageyykoc.sys

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C6E1F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [88D5D620] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 84C6E1F8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [88D5D620] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a3jl0o1m \Device\Scsi\a3jl0o1m1Port2Path0Target0Lun0 86677470
    Device \Driver\a3jl0o1m \Device\Scsi\a3jl0o1m1 86677470
    Device \FileSystem\Ntfs \Ntfs 84C711F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel-mode driver for Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  4. alben92

    alben92 TS Rookie Topic Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by alst1701 at 16:15:29,88 on 2010-12-18
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.46.1053.18.2039.1190 [GMT 1:00]

    AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Home Server\esClient.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\Blaze Media Pro\NMSAccess32.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\Program Files\Windows Home Server\WHSConnector.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Windows Home Server\WHSTrayApp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyServer = http=;https=
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
    uRun: [Google Update] "d:\users\alst1701\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
    mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
    IE: S&end to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: c:\program files\vmware\vmware player\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - d:\users\alst1701\appdata\roaming\mozilla\firefox\profiles\sviqnift.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    FF - plugin: d:\users\alst1701\appdata\local\google\update\\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-7 239464]
    R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2009-10-7 97128]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-7-20 16896]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
    R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-9-16 1956136]
    R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2009-10-7 376680]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 625152]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-8-24 227896]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-7-6 71424]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2008-9-23 42368]

    =============== Created Last 30 ================

    2010-12-18 14:48:59 -------- d-----w- d:\users\alst1701\appdata\roaming\Malwarebytes
    2010-12-18 14:48:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-18 14:48:44 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-18 14:48:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-18 14:48:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-18 11:26:23 6273872 ----a-w- c:\progra~2\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{b08ec9ab-d57e-4149-b87e-657fec159417}\mpengine.dll
    2010-12-17 18:10:42 -------- d-----w- c:\program files\Blaze Media Pro
    2010-12-17 18:09:59 -------- dc-h--w- c:\progra~2\{784E3329-1B2A-421E-9427-596088B766F6}
    2010-12-17 18:09:07 -------- d-----w- d:\users\alst1701\appdata\local\PackageAware
    2010-12-17 18:08:45 -------- d-----w- c:\windows\system32\appmgmt
    2010-12-17 18:00:43 -------- d-----w- c:\program files\Audio Converter
    2010-12-17 11:11:39 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2010-12-17 11:10:54 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-12-07 02:07:30 -------- d-----w- d:\users\alst1701\appdata\roaming\mIRC
    2010-12-07 02:07:29 -------- d-----w- c:\program files\mIRC
    2010-11-30 08:48:32 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 16:16:06,19 ===============
  5. alben92

    alben92 TS Rookie Topic Starter

    I'm using the Swedish language on my OS, so some words might be hard to understand, but I've translated the Malwarebytes log.

    I can't seem to upload the attachment.rar; could anyone tell me what the problem might be?
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Welcome to TechSpot! Desperate for a keygen?? Why?

    The log named Attach.txt does not need to be attached or zipped. That instruction was from the program author, but you were told to ignore it. I have removed the duplicate DDS.txt log. Please paste in the Attach.txt logs from DDS.
    There were malware entries found in MBAM, but you did not check the lines for removal, so they all show No Action Taken. Please update and run Malwarebytes again, taking care to:
    Be sure that everything is checked, and click Remove Selected.
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
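An added example, not from this thread, from Malwarebytes or from DDS: a small Python triage helper that parses the MBAM 1.50 log format posted above, lists every detection left at "No action taken" (the point Bobbye makes about re-running the scan with everything checked), and reads the mPolicies-system lines of the DDS report to flag that UAC is disabled on this machine (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 in the posted log). The sample log text is a constructed excerpt built from the posted entries, with one file entry altered to show what a remediated line looks like; the script only reads pasted text and changes nothing on the system.

```python
import re
from typing import Dict, List, NamedTuple


class Detection(NamedTuple):
    section: str  # e.g. "Registry Keys Infected"
    item: str     # registry or file path
    family: str   # MBAM detection name, e.g. "Trojan.FakeAlert"
    action: str   # e.g. "No action taken"


# Constructed excerpt in the MBAM 1.50 log format, built from the entries posted
# in this thread; one file entry is changed to "Quarantined and deleted
# successfully" so the filter has something to leave out.
SAMPLE_MBAM_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.FakeAlert) -> Value: JP595IR86O -> No action taken.

Files Infected:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
"""

# Constructed excerpt of the DDS "Pseudo HJT Report" policy lines as posted.
SAMPLE_DDS_LOG = r"""mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

_SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
_ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")
_POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")

# UAC policy values worth flagging: EnableLUA = 0 turns UAC off entirely,
# ConsentPromptBehaviorAdmin = 0 lets administrators elevate with no prompt,
# PromptOnSecureDesktop = 0 renders elevation prompts on the normal desktop.
_WEAK_POLICIES = {
    ("EnableLUA", 0): "UAC is disabled",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without prompting",
    ("PromptOnSecureDesktop", 0): "elevation prompts not on the secure desktop",
}


def parse_mbam_detections(text: str) -> List[Detection]:
    """One Detection per MBAM line of the form
    <item> (<family>) -> [Value: <name> -> ]<action>.
    The "Value:" hop is present only for registry values."""
    detections: List[Detection] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = _SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if " -> " not in line:
            continue  # blank lines, summary counts, "(No malicious items detected)"
        hops = line.split(" -> ")
        head = _ITEM_RE.match(hops[0])
        if head:
            detections.append(Detection(section, head.group("item"),
                                        head.group("family"), hops[-1].rstrip(".")))
    return detections


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections MBAM reported but did not quarantine or delete."""
    return [d for d in detections if d.action == "No action taken"]


def uac_findings(dds_text: str) -> Dict[str, str]:
    """Policy name -> why it matters, for each weak mPolicies-system value."""
    findings: Dict[str, str] = {}
    for raw in dds_text.splitlines():
        m = _POLICY_RE.match(raw.strip())
        if not m:
            continue
        key = (m.group("name"), int(m.group("value")))
        if key in _WEAK_POLICIES:
            findings[key[0]] = _WEAK_POLICIES[key]
    return findings


def triage_report(mbam_text: str, dds_text: str) -> List[str]:
    """Lines summarising what still needs attention after the scans."""
    lines = [f"NOT REMOVED [{d.family}] {d.section}: {d.item}"
             for d in unremediated(parse_mbam_detections(mbam_text))]
    lines += [f"POLICY {name}: {why}" for name, why in uac_findings(dds_text).items()]
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_MBAM_LOG, SAMPLE_DDS_LOG)))
```

Run it against the full pasted logs rather than the excerpt: every NOT REMOVED line is an item the next MBAM run still has to quarantine, and the POLICY lines record that, with UAC switched off, anything an administrator account launches (including a downloaded keygen) runs fully elevated with no prompt, which is how a single executable can drop Run keys, scheduled-task .job files and Internet Settings zone changes in one go.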
  7. alben92

    alben92 TS Rookie Topic Starter



    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2010-08-24 15:27:18
    System Uptime: 2010-12-18 15:57:36 (1 hours ago)

    Motherboard: Hewlett-Packard | | 30C0
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U10 | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 50 GiB total, 26,435 GiB free.
    D: is FIXED (NTFS) - 62 GiB total, 39,322 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 233 GiB total, 118,721 GiB free.
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.2.5 - CPSID_83708
    Adobe Acrobat 8.2.5 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe After Effects CS3 Third Party Content
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 9.3.4 - Swedish
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe WAS CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.12 (Unicode)
    AuthenTec TrueSuite
    BankID security program 4.10.4
    Blaze Media Pro
    Blender (remove only)
    Configuration Manager Client
    Definition update for Microsoft Office 2010 (KB982726)
    FFmpeg for Audacity on Windows
    Google Chrome
    Guitar Pro 5.2
    HP 3D DriveGuard
    HP Quick Launch Buttons
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    Java Auto Updater
    Java(TM) 6 Update 21
    K-Lite Codec Pack 6.1.0 (Basic)
    LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile Language Pack - SVE
    Microsoft .NET Framework 4 Client Profile SVE Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended Language Pack - SVE
    Microsoft .NET Framework 4 Extended SVE Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Forefront Client Security Antimalware Service
    Microsoft Forefront Client Security State Assessment Service
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (Swedish) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (Swedish) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (Swedish) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (Swedish) 2010
    Microsoft Office Language Pack 2010 - English
    Microsoft Office O MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (Swedish) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (Swedish) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (Swedish) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Finnish) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proof (Swedish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Swedish) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (Swedish) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Swedish) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (Swedish) 2010
    Microsoft Office X MUI (English) 2010
    Microsoft Operations Manager 2005 Agent
    Microsoft Outlook Hotmail Connector 32-bit
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.13)
    PDF Settings
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skype Toolbars
    Skype™ 4.2
    Synaptics Pointing Device Driver
    TeamViewer 5
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Microsoft Outlook Social Connector (KB2289116) (Swedish)
    Windows Home Server Connector
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    WinRAR archiver
    Visma Administration
    VLC media player 1.0.5
    WMP Tag Plus 1.2
    VMware Player

    ==== End Of File ===========================
  8. alben92

    alben92 TS Rookie Topic Starter

    I needed a keygen since I accidentally ripped apart my authentic key. The company is not active any more, so I couldn't call their service.

    I ran a full scan in Malwarebytes and deleted all threats from the quarantine. I will complete the next steps in a few hours and reply when done.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    So what did you pirate?
Topic Status:
Not open for further replies.
