jraftop
Member
Posts: 6
Reputation: 0 Neutral
Laptop infected with Trojan.ZbotR
jraftop replied to jraftop's topic in Resolved Malware Removal Logs
That sounds worrying. I will definitely format and re-install Windows 7 on this laptop then. I do have 2 quick questions:

1) I have an external HDD which contains a lot of backed up stuff which I do not want to lose. However, this HDD has been recently used on this laptop. I have no clue if the infection may have come from the HDD or if the HDD has been infected by the laptop. Is there any way to ensure that the HDD is clean without formatting?

2) I also have a desktop PC which I recently ran a routine scan on, and which is showing a hidden object in Avira but no other signs. Malwarebytes, ESET and Avira are not picking up any infection. Considering the external HDD has been used on both computers, do you recommend that the desktop should also be reformatted, or should I post the DDS logs on this forum to see if there is any actual infection? Keeping in mind that Avira did not detect any hidden objects a couple of weeks ago.

Many thanks for all your help with this.

jraftop
Laptop infected with Trojan.ZbotR
jraftop replied to jraftop's topic in Resolved Malware Removal Logs
Hi Maniac

I have been at work all day, but I have run Avira again since the logs above and it has detected 1 hidden object and another infection. Avira scan log attached:

Avira Free Antivirus
Report file date: 16 November 2012 15:17

Scanning for 4505461 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Raft
Computer name : RAFT-PC

Version information:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11/10/2012 15:58:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14/11/2012 14:34:17
AVSCAN.DLL : 12.3.0.15 54736 Bytes 02/05/2012 14:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 02/05/2012 00:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01/05/2012 23:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 18/05/2012 22:32:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 00:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 00:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 10:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 11:26:45
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 18:52:03
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 19:20:27
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 19:20:27
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 19:20:27
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 19:20:27
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 19:20:27
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 19:20:27
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 19:20:28
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 19:20:28
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 19:20:28
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 19:20:28
VBASE017.VDF : 7.11.47.35 126464 Bytes 22/10/2012 19:20:28
VBASE018.VDF : 7.11.47.95 175616 Bytes 24/10/2012 19:20:11
VBASE019.VDF : 7.11.47.177 164352 Bytes 26/10/2012 19:20:12
VBASE020.VDF : 7.11.47.229 143360 Bytes 28/10/2012 19:20:25
VBASE021.VDF : 7.11.48.47 138240 Bytes 30/10/2012 19:20:12
VBASE022.VDF : 7.11.48.135 122880 Bytes 01/11/2012 20:17:24
VBASE023.VDF : 7.11.48.209 142848 Bytes 05/11/2012 19:46:04
VBASE024.VDF : 7.11.48.243 119296 Bytes 05/11/2012 19:46:05
VBASE025.VDF : 7.11.49.47 136704 Bytes 07/11/2012 19:46:16
VBASE026.VDF : 7.11.49.135 194560 Bytes 09/11/2012 14:34:08
VBASE027.VDF : 7.11.49.209 188416 Bytes 12/11/2012 14:34:10
VBASE028.VDF : 7.11.50.27 212992 Bytes 14/11/2012 19:03:33
VBASE029.VDF : 7.11.50.28 2048 Bytes 14/11/2012 19:03:33
VBASE030.VDF : 7.11.50.29 2048 Bytes 14/11/2012 19:03:33
VBASE031.VDF : 7.11.50.70 143872 Bytes 16/11/2012 14:34:14
Engine version : 8.2.10.202
AEVDF.DLL : 8.1.2.10 102772 Bytes 13/07/2012 21:19:48
AESCRIPT.DLL : 8.1.4.66 463227 Bytes 12/11/2012 14:34:12
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:03:36
AESBX.DLL : 8.2.5.12 606578 Bytes 16/06/2012 14:02:39
AERDL.DLL : 8.2.0.74 643445 Bytes 07/11/2012 19:46:21
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 14:34:12
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05/11/2012 19:46:08
AEHEUR.DLL : 8.1.4.138 5542265 Bytes 15/11/2012 19:03:35
AEHELP.DLL : 8.1.25.2 258423 Bytes 23/10/2012 19:20:30
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:03:33
AEEXP.DLL : 8.2.0.10 119158 Bytes 05/11/2012 19:46:09
AEEMU.DLL : 8.1.3.2 393587 Bytes 13/07/2012 21:19:42
AECORE.DLL : 8.1.29.2 201079 Bytes 07/11/2012 19:46:16
AEBB.DLL : 8.1.1.4 53619 Bytes 05/11/2012 19:46:05
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01/05/2012 23:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14/11/2012 14:34:16
AVREP.DLL : 12.3.0.15 179208 Bytes 01/05/2012 23:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14/11/2012 14:34:16
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01/05/2012 23:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16/04/2012 22:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 13/08/2012 19:06:47
NETNT.DLL : 12.3.0.15 17104 Bytes 02/05/2012 00:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 13/08/2012 19:06:32
RCTEXT.DLL : 12.3.0.32 97056 Bytes 14/11/2012 14:34:15

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 16 November 2012 15:17

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'avcenter.exe' - '111' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '82' Module(s) have been scanned
Scan process 'daemonu.exe' - '63' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '48' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '36' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1594' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Users\Raft\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\7QSCQB67\rFQfXT.bdKx
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Caphaw.D.326 back-door program

Beginning disinfection:
C:\Users\Raft\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\7QSCQB67\rFQfXT.bdKx
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Caphaw.D.326 back-door program
[NOTE] The file was moved to the quarantine directory under the name '5535c5c2.qua'.

End of the scan: 16 November 2012 16:15
Used time: 54:50 Minute(s)

The scan has been done completely.

26111 Scanned directories
455174 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
455173 Files not concerned
3480 Archives were scanned
0 Warnings
2 Notes
522302 Objects were scanned with rootkit scan
1 Hidden objects were found
Laptop infected with Trojan.ZbotR
jraftop replied to jraftop's topic in Resolved Malware Removal Logs
Here's the other Malware Rootkit log:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raft :: RAFT-PC [administrator]

15/11/2012 21:58:46
mbar-log-2012-11-15 (21-58-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27009
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Laptop infected with Trojan.ZbotR
jraftop replied to jraftop's topic in Resolved Malware Removal Logs
Avira is still detecting 1 hidden object, however.
Laptop infected with Trojan.ZbotR
jraftop replied to jraftop's topic in Resolved Malware Removal Logs
Hi Maniac

Many thanks for the quick response. I uninstalled Ad-Aware and then ran the Rootkit, which did not find any malware. I have pasted the Malwarebytes Rootkit log first, followed by the DDS logs:

Rootkit:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4258193408, free: 2788265984

------------ Kernel report ------------
11/15/2012 21:49:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ahjksefy.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c65060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046d5060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.15.08
Downloaded database version: v2012.11.14.03
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c65060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c65b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c65060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046d5060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a002477340, 0xfffffa8004c65060, 0xfffffa80040fe790
Lower DeviceData: 0xfffff8a002d07280, 0xfffffa80046d5060, 0xfffffa8006e43e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C6B8921
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 590557184
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 617822208 Numsec = 7317504
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

DDS Logs:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Raft at 22:03:18 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4061.2749 [GMT 0:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Z1] C:\Users\Raft\Desktop\mbar-1.01.0.1009\mbar\mbar.exe /cleanup /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BF339D0F-1AB2-49F5-BA87-5212C7F8F7DE} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-5-18 27760]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-18 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-5-18 98848]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-13 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-18 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2012-11-15 22:01:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-15 22:01:44 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052C45F4-6D3D-49BD-857D-4737E4D1AE5C}\mpengine.dll
2012-11-14 22:19:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-14 19:50:54 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 19:50:54 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 19:50:54 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 19:50:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 19:32:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 19:32:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 19:32:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:32:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:32:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 19:32:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:32:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 19:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 18:51:43 -------- d-----w- C:\Users\Raft\AppData\Roaming\LavasoftStatistics
2012-11-14 18:47:09 -------- d-----w- C:\Users\Raft\AppData\Local\Downloaded Installations
2012-11-14 18:46:58 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-14 18:46:51 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-11-14 18:46:49 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-11-14 18:42:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-13 21:28:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-13 21:27:16 -------- d-----w- C:\Program Files\iPod
2012-11-13 21:27:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-13 21:27:15 -------- d-----w- C:\Program Files\iTunes
2012-11-13 19:21:00 -------- d-----w- C:\Program Files\CCleaner
2012-11-13 19:06:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-13 19:06:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-13 19:03:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 19:00:16 -------- d-----w- C:\Users\Raft\AppData\Roaming\Malwarebytes
2012-11-13 19:00:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-13 19:00:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-13 19:00:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-10 18:00:14 -------- d-----w- C:\GOG Games
2012-11-10 18:00:07 -------- d-----w- C:\Users\Raft\AppData\Local\Programs
2012-11-10 15:51:07 -------- d-----w- C:\Arcanum
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-23 19:24:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-23 19:24:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-23 19:24:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-23 19:24:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-23 19:24:44 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-23 19:24:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-13 19:02:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-13 19:02:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 13:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:03:26.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 18/05/2012 23:04:46
System Uptime: 15/11/2012 21:44:33 (1 hours ago)
.
Motherboard: Acer | | JM50-MV
Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 226.817 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP51: 13/11/2012 19:01:31 - Installed Java 7 Update 9
RP52: 13/11/2012 22:37:04 - Installed Java 7 Update 4
RP53: 14/11/2012 19:31:26 - Windows Update
RP54: 15/11/2012 18:30:27 - Removed Steam
RP55: 15/11/2012 18:32:59 - Removed Skype™ 5.10
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2) 7-Zip 9.20 (x64 edition) Adobe Flash Player 11 ActiveX 64-bit Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update Avira Free Antivirus Bonjour CCleaner ESET Online Scanner v3 HijackThis 2.0.2 iTunes Java 7 Update 9 Java Auto Updater Java 7 Update 4 JavaFX 2.1.1 Malwarebytes Anti-Malware version 1.65.1.1000 Media Player Classic - Home Cinema 1.6.1.4235 x64 Microsoft .NET Framework 4 Client Profile Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSI Afterburner 2.2.1 MSI Kombustor 2.3.0 NVIDIA Control Panel 301.42 NVIDIA Graphics Driver 301.42 NVIDIA HD Audio Driver 1.3.16.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Update 1.8.15 NVIDIA Update Components Picasa 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) SpeedFan (remove only) Spybot - Search & Destroy Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 2.0.1 . ==== Event Viewer Messages From Past Week ======== . 15/11/2012 21:45:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE 15/11/2012 21:45:03, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading 15/11/2012 21:45:03, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading. 15/11/2012 21:42:40, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command. 13/11/2012 21:26:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running. 13/11/2012 21:25:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 13/11/2012 21:24:41, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
13/11/2012 21:14:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 13/11/2012 18:54:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 13/11/2012 18:54:41, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/11/2012 15:42:12, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:. . ==== End Of File =========================== Thanks jraftop -
Hello there,

I'm sure I have a trojan on my laptop:

My laptop began to act strangely over a period of 3 or 4 days. Avira detected a hidden object but no virus/trojan detection; Malwarebytes showed no detection. Chrome refused to run (it would open momentarily then shut again - I couldn't even uninstall it), Steam began to end unexpectedly and I was getting memory errors with WerFault.exe.

After a reboot Avira detected 85 hidden objects but still no specific detection. Malwarebytes detected Trojan.ZbotR in the Appdata/Roaming folder and in the registry. I removed it and rebooted, but Avira still detected hidden objects and Malwarebytes detected the same infection.

I then attempted a gung-ho approach in an attempt to remove the infection and found a FAQ on the web about a way to hopefully remove malware, which involved doing the following:

Disabled Tea-Timer, Avira and Defender
Installed Ad-Aware and ran it (don't think it achieved anything)
Ran TFC
Ran OTL
Ran an ESET Online Scan which detected the following:
C:\Users\Raft\AppData\Roaming\Skype\julesraft\httpfe\WPDShextAutoplay.exe a variant of Win32/Kryptik.AOQT trojan (cleaned by deleting - quarantined)

After a reboot Avira detected 9 hidden objects and Malwarebytes detected the same infection. I then ran off to work and this evening I have rebooted and re-run Avira and Malwarebytes. The former still detects 9 hidden objects but Malwarebytes doesn't detect anything.

I have attached the DDS logs below:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Raft at 20:11:56 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4061.2793 [GMT 0:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BF339D0F-1AB2-49F5-BA87-5212C7F8F7DE} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-5-18 27760]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-14 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-18 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-5-18 98848]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-13 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-18 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-11-14 60536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2012-11-14 22:19:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-14 19:50:54 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 19:50:54 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 19:50:54 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 19:50:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 19:32:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 19:32:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 19:32:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:32:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:32:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 19:32:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:32:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 19:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 18:51:43 -------- d-----w- C:\Users\Raft\AppData\Roaming\LavasoftStatistics
2012-11-14 18:47:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-11-14 18:47:23 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-11-14 18:47:23 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-11-14 18:47:21 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-11-14 18:47:09 -------- d-----w- C:\Users\Raft\AppData\Local\Downloaded Installations
2012-11-14 18:46:58 -------- d-----w- C:\Users\Raft\AppData\Local\adawarebp
2012-11-14 18:46:58 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-14 18:46:57 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-11-14 18:46:51 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-11-14 18:46:49 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-11-14 18:45:54 -------- d-----w- C:\Users\Raft\AppData\Roaming\Ad-Aware Antivirus
2012-11-14 18:42:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-13 21:28:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-13 21:27:16 -------- d-----w- C:\Program Files\iPod
2012-11-13 21:27:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-13 21:27:15 -------- d-----w- C:\Program Files\iTunes
2012-11-13 19:21:00 -------- d-----w- C:\Program Files\CCleaner
2012-11-13 19:06:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-13 19:06:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-13 19:03:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 19:00:16 -------- d-----w- C:\Users\Raft\AppData\Roaming\Malwarebytes
2012-11-13 19:00:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-13 19:00:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-13 19:00:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-10 18:00:14 -------- d-----w- C:\GOG Games
2012-11-10 18:00:07 -------- d-----w- C:\Users\Raft\AppData\Local\Programs
2012-11-10 15:51:07 -------- d-----w- C:\Arcanum
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-23 19:24:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-23 19:24:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-23 19:24:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-23 19:24:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-23 19:24:44 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-23 19:24:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-13 19:02:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-13 19:02:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 13:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:12:05.25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 18/05/2012 23:04:46
System Uptime: 15/11/2012 19:00:19 (1 hours ago)
.
Motherboard: Acer | | JM50-MV
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 227.721 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 13/11/2012 19:01:31 - Installed Java 7 Update 9
RP52: 13/11/2012 22:37:04 - Installed Java™ 7 Update 4
RP53: 14/11/2012 19:31:26 - Windows Update
RP54: 15/11/2012 18:30:27 - Removed Steam
RP55: 15/11/2012 18:32:59 - Removed Skype™ 5.10
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition)
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
CCleaner
ESET Online Scanner v3
HijackThis 2.0.2
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Classic - Home Cinema 1.6.1.4235 x64
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.2.1
MSI Kombustor 2.3.0
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
Picasa 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SpeedFan (remove only)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
15/11/2012 19:00:54, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
15/11/2012 19:00:54, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
13/11/2012 21:26:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
13/11/2012 21:25:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:24:41, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:14:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/11/2012 18:54:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
13/11/2012 18:54:41, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2012 15:42:12, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
.
==== End Of File ===========================