Posts posted by jraftop
-
Hi Maniac
I have been at work all day but I have run Avira again since the logs above and it has detected 1 hidden object and another infection. Avira scan log attached:
Avira Free Antivirus
Report file date: 16 November 2012 15:17
Scanning for 4505461 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Raft
Computer name : RAFT-PC
Version information:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11/10/2012 15:58:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14/11/2012 14:34:17
AVSCAN.DLL : 12.3.0.15 54736 Bytes 02/05/2012 14:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 02/05/2012 00:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01/05/2012 23:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 18/05/2012 22:32:16
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 00:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 00:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 10:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 11:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 11:26:45
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 18:52:03
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 19:20:27
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 19:20:27
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 19:20:27
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 19:20:27
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 19:20:27
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 19:20:27
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 19:20:28
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 19:20:28
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 19:20:28
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 19:20:28
VBASE017.VDF : 7.11.47.35 126464 Bytes 22/10/2012 19:20:28
VBASE018.VDF : 7.11.47.95 175616 Bytes 24/10/2012 19:20:11
VBASE019.VDF : 7.11.47.177 164352 Bytes 26/10/2012 19:20:12
VBASE020.VDF : 7.11.47.229 143360 Bytes 28/10/2012 19:20:25
VBASE021.VDF : 7.11.48.47 138240 Bytes 30/10/2012 19:20:12
VBASE022.VDF : 7.11.48.135 122880 Bytes 01/11/2012 20:17:24
VBASE023.VDF : 7.11.48.209 142848 Bytes 05/11/2012 19:46:04
VBASE024.VDF : 7.11.48.243 119296 Bytes 05/11/2012 19:46:05
VBASE025.VDF : 7.11.49.47 136704 Bytes 07/11/2012 19:46:16
VBASE026.VDF : 7.11.49.135 194560 Bytes 09/11/2012 14:34:08
VBASE027.VDF : 7.11.49.209 188416 Bytes 12/11/2012 14:34:10
VBASE028.VDF : 7.11.50.27 212992 Bytes 14/11/2012 19:03:33
VBASE029.VDF : 7.11.50.28 2048 Bytes 14/11/2012 19:03:33
VBASE030.VDF : 7.11.50.29 2048 Bytes 14/11/2012 19:03:33
VBASE031.VDF : 7.11.50.70 143872 Bytes 16/11/2012 14:34:14
Engine version : 8.2.10.202
AEVDF.DLL : 8.1.2.10 102772 Bytes 13/07/2012 21:19:48
AESCRIPT.DLL : 8.1.4.66 463227 Bytes 12/11/2012 14:34:12
AESCN.DLL : 8.1.9.4 131445 Bytes 15/11/2012 19:03:36
AESBX.DLL : 8.2.5.12 606578 Bytes 16/06/2012 14:02:39
AERDL.DLL : 8.2.0.74 643445 Bytes 07/11/2012 19:46:21
AEPACK.DLL : 8.3.0.40 815479 Bytes 12/11/2012 14:34:12
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05/11/2012 19:46:08
AEHEUR.DLL : 8.1.4.138 5542265 Bytes 15/11/2012 19:03:35
AEHELP.DLL : 8.1.25.2 258423 Bytes 23/10/2012 19:20:30
AEGEN.DLL : 8.1.6.10 438646 Bytes 15/11/2012 19:03:33
AEEXP.DLL : 8.2.0.10 119158 Bytes 05/11/2012 19:46:09
AEEMU.DLL : 8.1.3.2 393587 Bytes 13/07/2012 21:19:42
AECORE.DLL : 8.1.29.2 201079 Bytes 07/11/2012 19:46:16
AEBB.DLL : 8.1.1.4 53619 Bytes 05/11/2012 19:46:05
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01/05/2012 23:59:21
AVPREF.DLL : 12.3.0.32 50720 Bytes 14/11/2012 14:34:16
AVREP.DLL : 12.3.0.15 179208 Bytes 01/05/2012 23:13:35
AVARKT.DLL : 12.3.0.33 209696 Bytes 14/11/2012 14:34:16
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01/05/2012 23:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16/04/2012 22:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 13/08/2012 19:06:47
NETNT.DLL : 12.3.0.15 17104 Bytes 02/05/2012 00:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 13/08/2012 19:06:32
RCTEXT.DLL : 12.3.0.32 97056 Bytes 14/11/2012 14:34:15
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Start of the scan: 16 November 2012 15:17
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.
The scan of running processes will be started
Scan process 'avscan.exe' - '81' Module(s) have been scanned
Scan process 'avcenter.exe' - '111' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'avgnt.exe' - '82' Module(s) have been scanned
Scan process 'daemonu.exe' - '63' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '48' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '36' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Starting to scan executable files (registry).
The registry was scanned ( '1594' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Users\Raft\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\7QSCQB67\rFQfXT.bdKx
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Caphaw.D.326 back-door program
Beginning disinfection:
C:\Users\Raft\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\7QSCQB67\rFQfXT.bdKx
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Caphaw.D.326 back-door program
[NOTE] The file was moved to the quarantine directory under the name '5535c5c2.qua'.
End of the scan: 16 November 2012 16:15
Used time: 54:50 Minute(s)
The scan has been done completely.
26111 Scanned directories
455174 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
455173 Files not concerned
3480 Archives were scanned
0 Warnings
2 Notes
522302 Objects were scanned with rootkit scan
1 Hidden objects were found
-
Here's the other Malware Rootkit log:
Malwarebytes Anti-Rootkit 1.1.0.1009
Database version: v2012.11.15.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raft :: RAFT-PC [administrator]
15/11/2012 21:58:46
mbar-log-2012-11-15 (21-58-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27009
Time elapsed: 8 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Avira is still detecting 1 hidden object however.
-
Hi Maniac
Many thanks for the quick response. I uninstalled Ad-Aware and then ran the Rootkit, which did not find any malware. I have pasted the Malwarebytes Rootkit log first, followed by the DDS logs:
Rootkit:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 4258193408, free: 2788265984
------------ Kernel report ------------
11/15/2012 21:49:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\ahjksefy.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\msctf.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\wininet.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\lpk.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c65060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80046d5060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.15.08
Downloaded database version: v2012.11.14.03
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c65060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c65b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c65060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046d5060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a002477340, 0xfffffa8004c65060, 0xfffffa80040fe790
Lower DeviceData: 0xfffff8a002d07280, 0xfffffa80046d5060, 0xfffffa8006e43e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C6B8921
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 27262976
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 27265024 Numsec = 590557184
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 617822208 Numsec = 7317504
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
DDS Logs:
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Raft at 22:03:18 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4061.2749 [GMT 0:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Z1] C:\Users\Raft\Desktop\mbar-1.01.0.1009\mbar\mbar.exe /cleanup /s
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BF339D0F-1AB2-49F5-BA87-5212C7F8F7DE} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-5-18 27760]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-18 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-5-18 98848]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-13 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-18 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2012-11-15 22:01:50 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-15 22:01:44 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052C45F4-6D3D-49BD-857D-4737E4D1AE5C}\mpengine.dll
2012-11-14 22:19:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-14 19:50:54 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 19:50:54 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 19:50:54 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 19:50:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 19:32:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 19:32:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 19:32:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:32:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:32:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 19:32:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:32:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 19:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 18:51:43 -------- d-----w- C:\Users\Raft\AppData\Roaming\LavasoftStatistics
2012-11-14 18:47:09 -------- d-----w- C:\Users\Raft\AppData\Local\Downloaded Installations
2012-11-14 18:46:58 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-14 18:46:51 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-11-14 18:46:49 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-11-14 18:42:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-13 21:28:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-13 21:27:16 -------- d-----w- C:\Program Files\iPod
2012-11-13 21:27:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-13 21:27:15 -------- d-----w- C:\Program Files\iTunes
2012-11-13 19:21:00 -------- d-----w- C:\Program Files\CCleaner
2012-11-13 19:06:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-13 19:06:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-13 19:03:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 19:00:16 -------- d-----w- C:\Users\Raft\AppData\Roaming\Malwarebytes
2012-11-13 19:00:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-13 19:00:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-13 19:00:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-10 18:00:14 -------- d-----w- C:\GOG Games
2012-11-10 18:00:07 -------- d-----w- C:\Users\Raft\AppData\Local\Programs
2012-11-10 15:51:07 -------- d-----w- C:\Arcanum
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-23 19:24:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-23 19:24:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-23 19:24:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-23 19:24:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-23 19:24:44 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-23 19:24:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-13 19:02:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-13 19:02:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 13:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:03:26.67 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 18/05/2012 23:04:46
System Uptime: 15/11/2012 21:44:33 (1 hours ago)
.
Motherboard: Acer | | JM50-MV
Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 226.817 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP51: 13/11/2012 19:01:31 - Installed Java 7 Update 9
RP52: 13/11/2012 22:37:04 - Installed Java 7 Update 4
RP53: 14/11/2012 19:31:26 - Windows Update
RP54: 15/11/2012 18:30:27 - Removed Steam
RP55: 15/11/2012 18:32:59 - Removed Skype™ 5.10
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
CCleaner
ESET Online Scanner v3
HijackThis 2.0.2
iTunes
Java 7 Update 9
Java Auto Updater
Java 7 Update 4
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Classic - Home Cinema 1.6.1.4235 x64
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.2.1
MSI Kombustor 2.3.0
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
Picasa 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SpeedFan (remove only)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
15/11/2012 21:45:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
15/11/2012 21:45:03, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
15/11/2012 21:45:03, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
15/11/2012 21:42:40, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
13/11/2012 21:26:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
13/11/2012 21:25:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:24:41, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:14:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/11/2012 18:54:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
13/11/2012 18:54:41, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2012 15:42:12, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
.
==== End Of File ===========================
Thanks
jraftop
-
Hello there, I'm sure I have a trojan on my laptop:
My laptop began to act strangely over a period of 3 or 4 days. Avira detected a hidden object but no virus/trojan detection; Malwarebytes showed no detection. Chrome refused to run (it would open momentarily then shut again - I couldn't even uninstall it), Steam began to end unexpectedly and I was getting memory errors with WerFault.exe. After a reboot Avira detected 85 hidden objects but still no specific detection. Malwarebytes detected Trojan.ZbotR in the Appdata/Roaming folder and in the registry. I removed it and rebooted, but Avira still detected hidden objects and Malwarebytes detected the same infection.
I then took a gung-ho approach in an attempt to remove the infection and found a FAQ on the web about ways to hopefully remove malware, which involved doing the following:
Disabled Tea-Timer, Avira and Defender
Installed Ad-Aware and ran it (don't think it achieved anything)
Ran TFC
Ran OTL
Ran an ESET Online Scan which detected the following: C:\Users\Raft\AppData\Roaming\Skype\julesraft\httpfe\WPDShextAutoplay.exe a variant of Win32/Kryptik.AOQT trojan (cleaned by deleting - quarantined)
After a reboot Avira detected 9 hidden objects and Malwarebytes detected the same infection. I then ran off to work and this evening I have rebooted and re-run Avira and Malwarebytes. The former still detects 9 hidden objects but Malwarebytes doesn't detect anything.
I have attached the DDS logs below:
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Raft at 20:11:56 on 2012-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4061.2793 [GMT 0:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{BF339D0F-1AB2-49F5-BA87-5212C7F8F7DE} : DHCPNameServer = 194.168.4.100 194.168.8.100
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-5-18 27760]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-11-14 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-18 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-18 110032]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-5-18 98848]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-13 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-18 20992]
S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-11-14 60536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-18 1255736]
.
=============== Created Last 30 ================
.
2012-11-14 22:19:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-14 19:50:54 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 19:50:54 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 19:50:54 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 19:50:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 19:32:38 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 19:32:38 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 19:32:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 19:32:34 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 19:32:32 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 19:32:32 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 19:32:32 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 19:26:58 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 19:26:58 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 18:51:43 -------- d-----w- C:\Users\Raft\AppData\Roaming\LavasoftStatistics
2012-11-14 18:47:24 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-11-14 18:47:23 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-11-14 18:47:23 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-11-14 18:47:21 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-11-14 18:47:09 -------- d-----w- C:\Users\Raft\AppData\Local\Downloaded Installations
2012-11-14 18:46:58 -------- d-----w- C:\Users\Raft\AppData\Local\adawarebp
2012-11-14 18:46:58 -------- d-----w- C:\ProgramData\blekko toolbars
2012-11-14 18:46:57 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-11-14 18:46:51 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-11-14 18:46:49 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-11-14 18:45:54 -------- d-----w- C:\Users\Raft\AppData\Roaming\Ad-Aware Antivirus
2012-11-14 18:42:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-11-13 21:28:04 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-11-13 21:27:16 -------- d-----w- C:\Program Files\iPod
2012-11-13 21:27:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-13 21:27:15 -------- d-----w- C:\Program Files\iTunes
2012-11-13 19:21:00 -------- d-----w- C:\Program Files\CCleaner
2012-11-13 19:06:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-11-13 19:06:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-11-13 19:03:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-13 19:00:16 -------- d-----w- C:\Users\Raft\AppData\Roaming\Malwarebytes
2012-11-13 19:00:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-13 19:00:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-13 19:00:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-10 18:00:14 -------- d-----w- C:\GOG Games
2012-11-10 18:00:07 -------- d-----w- C:\Users\Raft\AppData\Local\Programs
2012-11-10 15:51:07 -------- d-----w- C:\Arcanum
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-23 19:24:56 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-23 19:24:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-23 19:24:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-23 19:24:46 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-23 19:24:44 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-23 19:24:44 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-23 19:24:44 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-23 19:24:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-11-13 19:02:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-13 19:02:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-21 13:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 13:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:12:05.25 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 18/05/2012 23:04:46
System Uptime: 15/11/2012 19:00:19 (1 hours ago)
.
Motherboard: Acer | | JM50-MV
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 227.721 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 13/11/2012 19:01:31 - Installed Java 7 Update 9
RP52: 13/11/2012 22:37:04 - Installed Java™ 7 Update 4
RP53: 14/11/2012 19:31:26 - Windows Update
RP54: 15/11/2012 18:30:27 - Removed Steam
RP55: 15/11/2012 18:32:59 - Removed Skype™ 5.10
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20 (x64 edition)
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bonjour
CCleaner
ESET Online Scanner v3
HijackThis 2.0.2
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.65.1.1000
Media Player Classic - Home Cinema 1.6.1.4235 x64
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.2.1
MSI Kombustor 2.3.0
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
Picasa 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
SpeedFan (remove only)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
15/11/2012 19:00:54, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
15/11/2012 19:00:54, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
13/11/2012 21:26:13, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
13/11/2012 21:25:13, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:24:41, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
13/11/2012 21:14:39, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
13/11/2012 18:54:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
13/11/2012 18:54:41, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2012 15:42:12, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
.
==== End Of File ===========================
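A quick triage pass over DDS listings of the kind posted above, as an added example (not part of the post and not code from the DDS tool): it reads "Running Processes" and "Pseudo HJT Report" lines, flags any module that lives outside the standard system and program directories (Zbot-style droppers sit under the user's AppData\Roaming tree with an innocuous name, as with the WPDShextAutoplay.exe that ESET found), and flags any extra entry appended to the Winlogon Userinit value. The TRUSTED_ROOTS list is an assumption for a default 64-bit Windows 7 layout, the sample lines are constructed in DDS format from the thread's log, and the uRun line for WPDShextAutoplay.exe is invented to show what a Zbot autorun entry looks like; the post only shows the file on disk.

```python
"""Triage helper for DDS-style "Running Processes" / "Pseudo HJT Report" lines.

Added example: not code from the forum post or from the DDS tool. It flags
executables that live outside the standard system and program directories and
any extra entry appended to the Winlogon Userinit value. TRUSTED_ROOTS is an
assumption for a default 64-bit Windows 7 layout; tune it for the box at hand.
"""
import re

# Assumed layout of a default 64-bit Windows 7 install (including the 8.3 short
# names DDS sometimes prints). Anything outside these roots gets a second look.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
)

# Pulls the first module path out of a plain process line or an autorun line
# such as:  mRun: [avgnt] "C:\Program Files (x86)\Avira\...\avgnt.exe" /min
EXE_RE = re.compile(r'"?(?P<path>[a-z]:\\[^"]+?\.(?:exe|dll|scr|sys))"?', re.I)

# DDS prints the Winlogon Userinit value as:  mWinlogon: Userinit = userinit.exe,
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit\s*=\s*(?P<val>.*)$", re.I)


def executable_from(line):
    """Return the module path named on a DDS line, or None if there is none."""
    m = EXE_RE.search(line)
    return m.group("path") if m else None


def is_trusted_path(path):
    """True when the module sits under one of the assumed install roots."""
    p = path.lower()
    return any(p.startswith(root) for root in TRUSTED_ROOTS)


def userinit_entries(line):
    """Split a DDS Userinit line into its comma-separated entries, else None."""
    m = USERINIT_RE.match(line)
    if not m:
        return None
    return [e.strip() for e in m.group("val").split(",") if e.strip()]


def triage(lines):
    """Return (path, reason) pairs for entries worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and DDS section headers
        entries = userinit_entries(line)
        if entries is not None:
            # The only expected entry is userinit.exe; anything else is a
            # classic Winlogon hijack used for persistence.
            for e in entries:
                if not e.lower().endswith("userinit.exe"):
                    findings.append((e, "unexpected Winlogon Userinit entry"))
            continue
        path = executable_from(line)
        if path is None or is_trusted_path(path):
            continue
        low = path.lower()
        if "\\appdata\\" in low or "\\programdata\\" in low or "\\users\\" in low:
            reason = "executable in a user-writable profile/data directory"
        else:
            reason = "executable outside the system/program directories"
        findings.append((path, reason))
    return findings


# Constructed sample in DDS format, modelled on the thread's log. The uRun line
# for WPDShextAutoplay.exe is invented here to show what a Zbot autorun entry
# would look like; the post only shows ESET finding that file on disk.
SAMPLE_DDS_LINES = [
    "============== Running Processes ===============",
    r"C:\Windows\system32\lsm.exe",
    r"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe",
    r"C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe",
    r"C:\PROGRA~2\AD-AWA~1\AdAware.exe",
    "============== Pseudo HJT Report ===============",
    r'mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'uRun: [WPDShextAutoplay] "C:\Users\Raft\AppData\Roaming\Skype\julesraft\httpfe\WPDShextAutoplay.exe"',
    "mWinlogon: Userinit = userinit.exe,",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_DDS_LINES):
        print(f"{reason}: {path}")
```

Run against the sample it reports two entries: the legitimate Ad-Aware component running from ProgramData and the constructed Zbot autorun under AppData\Roaming. The ProgramData hit shows the limit of a path-only check: it is a pointer to what needs verifying (publisher signature, hash, when the file appeared), not a verdict, which is why the log reviewer still has to look at each flagged line.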
Laptop infected with Trojan.ZbotR
in Resolved Malware Removal Logs
Posted
That sounds worrying. I will definitely format and re-install Windows 7 on this laptop then. I do have 2 quick questions:
1) I have an external HDD which contains a lot of backed up stuff which I do not want to lose. However, this HDD has been recently used on this laptop. I have no clue if the infection may have come from the HDD or if the HDD has been infected by the laptop. Is there any way to ensure that the HDD is clean without formatting?
2) I also have a desktop PC which I recently ran a routine scan on and is showing a hidden object in Avira but no other signs. Malwarebytes, ESET and Avira are not picking up any infection. Considering the external HDD has been used on both computers, do you recommend that the desktop should also be reformatted, or should I post the DDS logs on this forum to see if there is any actual infection? Keeping in mind that Avira did not detect any hidden objects a couple of weeks ago.
Many thanks for all your help with this.
jraftop