
Is my PC infected?


AntP


I made a topic in the General MBAM Forum yesterday regarding recent updating problems. I ran DDS as requested, and I was advised to create a topic here to address certain problems. Here are the logs created when I ran it yesterday. My PC doesn't appear to be showing obvious symptoms of infection, but better safe than sorry.

dds.txt

attach.txt


Hello AntP! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: Vuze

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


For privacy, I've replaced references to my name with XXXXX.

Malwarebytes quick scan log:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.11.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

XXXXX :: XXXXX [administrator]

11/11/2012 20:52:18

mbam-log-2012-11-11 (20-52-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223753

Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR scan log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-11 20:56:42

-----------------------------

20:56:42.319 OS Version: Windows x64 6.1.7601 Service Pack 1

20:56:42.319 Number of processors: 8 586 0x1E05

20:56:42.319 ComputerName: XXXXX UserName:

20:56:43.411 Initialize success

20:56:58.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:56:58.461 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3

20:56:58.477 Disk 0 MBR read successfully

20:56:58.477 Disk 0 MBR scan

20:56:58.492 Disk 0 Windows 7 default MBR code

20:56:58.492 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 23552 MB offset 2048

20:56:58.508 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 48236544

20:56:58.508 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464846 MB offset 48441344

20:56:58.523 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 465369 MB offset 1000445952

20:56:58.555 Disk 0 scanning C:\Windows\system32\drivers

20:57:04.280 Service scanning

20:57:15.200 Modules scanning

20:57:15.200 Disk 0 trace - called modules:

20:57:15.231 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

20:57:15.247 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cf790]

20:57:15.247 3 CLASSPNP.SYS[fffff88001b2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062f7050]

20:57:15.262 Scan finished successfully

20:57:22.641 Disk 0 MBR has been saved successfully to "C:\Users\XXXXX\Desktop\MBR.dat"

20:57:22.641 The log file has been saved successfully to "C:\Users\XXXXX\Desktop\aswMBR.txt"

First DDS log:

DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by XXXXX at 20:59:13 on 2012-11-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6135.4364 [GMT 0:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe

C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUI.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.aol.com/33490-111/aol-6/en-gb/Suite.aspx

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ipower_g5800&r=17360411h116pe445v175y56412427

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ipower_g5800&r=17360411h116pe445v175y56412427

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ipower_g5800&r=17360411h116pe445v175y56412427

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoccatKova+] "C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.EXE"

mRun: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - <orphaned>

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{BB45D8D3-78B6-4398-8309-1FF8FEF3A0C2} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{BB45D8D3-78B6-4398-8309-1FF8FEF3A0C2}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{BB45D8D3-78B6-4398-8309-1FF8FEF3A0C2}\244584F6D65684572623D243934325 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{BB45D8D3-78B6-4398-8309-1FF8FEF3A0C2}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{CF03636F-AA3D-4E24-A09A-8FB02E93DB56} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{CF03636F-AA3D-4E24-A09A-8FB02E93DB56}\244584F6D65684572623D243934325 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ipower_g5800&r=17360411h116pe445v175y56412427

x64-mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ipower_g5800&r=17360411h116pe445v175y56412427

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 78.140.176.186 filesonic.com www.filesonic.com

Hosts: 94.75.229.70 crocko.com www.crocko.com

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r3m9hdu0.default\

FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-10-18 11:08; https-everywhere@eff.org; C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r3m9hdu0.default\extensions\https-everywhere@eff.org

FF - ExtSQL: 2012-10-18 11:16; en-GB@dictionaries.addons.mozilla.org; C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r3m9hdu0.default\extensions\en-GB@dictionaries.addons.mozilla.org

FF - ExtSQL: 2012-10-18 11:16; scriptish@erikvold.com; C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\r3m9hdu0.default\extensions\scriptish@erikvold.com.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-3 55024]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-17 27800]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-28 204288]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-17 84256]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-17 108320]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-17 99248]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-3-30 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-10 76320]

R3 KovaPlusFltr;ROCCAT Kova[+] Mouse;C:\Windows\System32\drivers\KovaPlusFltr.sys [2010-1-25 15104]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-3-30 763904]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-30 346144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-6 231440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-4 1255736]

.

=============== Created Last 30 ================

.

2012-11-11 18:01:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FE20662-D3F5-4946-80F1-FF6C0926A081}\offreg.dll

2012-11-10 08:15:37 -------- d-----w- C:\Users\XXXXX\AppData\Roaming\Malwarebytes

2012-11-10 08:15:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-10 08:15:31 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-10 08:15:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-09 07:51:21 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FE20662-D3F5-4946-80F1-FF6C0926A081}\mpengine.dll

2012-10-18 10:03:51 -------- d-----w- C:\Users\XXXXX\AppData\Local\Mozilla

2012-10-18 10:02:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-18 10:02:49 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-17 08:22:30 -------- d-----w- C:\Users\XXXXX\AppData\Roaming\Avira

2012-10-17 08:17:09 99248 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2012-10-17 08:17:09 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2012-10-17 08:17:09 -------- d-----w- C:\ProgramData\Avira

2012-10-17 08:17:09 -------- d-----w- C:\Program Files (x86)\Avira

.

==================== Find3M ====================

.

2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-10-02 12:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 20:59:31.38 ===============

Second DDS log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 03/04/2011 13:12:23

System Uptime: 11/11/2012 07:45:43 (13 hours ago)

.

Motherboard: Packard Bell | | ipower G5800

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2772/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 384.908 GiB free.

D: is FIXED (NTFS) - 454 GiB total, 454.355 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&DC382E&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&DC382E&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP350: 06/11/2012 08:42:31 - Windows Update

RP351: 10/11/2012 08:06:57 - Reinstalling MBAM

RP352: 11/11/2012 16:30:56 - Removed Steam

RP353: 11/11/2012 20:46:59 - MBAM

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader X (10.1.4)

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira Free Antivirus

Bejeweled 2 Deluxe

BioShock 2

Blasterball 3

Bob the Builder Can-Do-Zoo

Bonjour

Build-a-lot 2

Catalyst Control Center InstallProxy

CCleaner

CDisplayEx 1.8

Chicken Invaders 3 - Revenge of the Yolk

Combined Community Codec Pack 2011-11-11

Compatibility Pack for the 2007 Office system

CyberLink MediaShow

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Escape Rosecliff Island

Faerie Solitaire

FATE - The Traitor Soul

Google Update Helper

Hotkey Utility

Identity Card

ImagXpress

Insaniquarium Deluxe

Intel® Matrix Storage Manager

iTunes

Jewel Quest

Jewel Quest Solitaire 3

Junk Mail filter update

Mahjongg Artifacts

Malwarebytes Anti-Malware version 1.65.1.1000

Media Player Classic - Home Cinema 1.6.0.4014 x64

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Packard Bell Game Console

Packard Bell Games

Packard Bell InfoCentre

Packard Bell Recovery Management

Packard Bell Registration

Packard Bell ScreenSaver

Packard Bell Software Suite SE

Packard Bell Updater

Penguins!

Photo Frame

Polar Bowler

Polar Golfer

Polar Pool

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

ROCCAT Kova[+] Mouse Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Swiff Player 1.7.2

swMSM

System Requirements Lab

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Virtual Families

Virtual Villagers - A New Home

VoiceOver Kit

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 (64-bit)

Yahtzee

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

11/11/2012 07:48:17, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

10/11/2012 08:10:43, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023781

05/11/2012 17:57:30, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR20.

05/11/2012 16:42:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR18.

05/11/2012 16:37:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR17.

05/11/2012 16:20:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR16.

05/11/2012 16:14:34, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR15.

05/11/2012 16:13:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR12.

05/11/2012 16:12:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR10.

05/11/2012 16:10:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.

05/11/2012 16:08:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.

05/11/2012 16:06:45, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

.

==== End Of File ===========================

Is it necessary to keep the MBR.dat file that was created after the aswMBR scan?


No, you don't need it.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Here's what was in the log. I'm not sure if there's supposed to be more to it.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

If it helps, here's the information that was displayed in the scanner window after the scan had finished.

Scanned files: 165785

Infected files: 0

Cleaned files: 0

Total scan time: 01:05:44

Scan status: Finished

I have a quick question. Will I be able to reinstall Vuze when this is all over?


Sorry for double posting, but someone has found a solution to my previous problem, and MBAM is updating just fine now. Since everything else on my PC seems to be working fine as well, I don't think I need any more help. Thanks for everything :).


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
