
Dear experts,

Recently, the mbar anti rootkit scan detected 0access trojan:

 

Folders Detected: 1
C:\Windows\system64 (Trojan.0Access) -> Delete on reboot.
 
Going through the forum here and applying various advice, tools, antiviruses etc., it seems to be clean of the infection now... However, I will attach files from TDSSKiller, ComboFix, DDS etc. for your kind analysis of my computer's current security status. I would appreciate an expert's advice on whether it's now safe to use for on-line banking, etc., as ZeroAccess might be quite nasty. Thank you in advance for your help - I am a telecom engineer, so I would appreciate a geeky analysis of the attached files ;-)
 
Nik
 
P.S. From DDS I will just copy below, and reports from other tools are attached zipped.
 
DDS.txt:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by NikDim at 21:20:42 on 2013-11-14
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2573 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{AA163233-FB76-46E7-A286-29B31805DBCF} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-12 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2009-12-7 11520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-17 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2011-6-18 10880]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-12 39504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-6-18 627744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
.
=============== Created Last 60 ================
.
2013-11-14 19:47:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-14 19:47:04 -------- d-----w- C:\Users\NikDim\AppData\Local\temp
2013-11-14 15:55:09 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFFEB2B9-112A-4B7B-918B-114E1AA8C182}\mpengine.dll
2013-11-14 03:12:42 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5B0126-4438-4F2F-AE90-5ECE0FB53868}\gapaengine.dll
2013-11-14 03:12:38 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 03:07:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-14 03:07:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-14 03:05:29 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-14 03:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-14 03:04:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 03:01:18 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:01:18 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:01:18 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:01:18 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:01:18 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 09:42:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 09:41:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-13 09:41:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-13 02:01:50 98816 ----a-w- C:\Windows\sed.exe
2013-11-13 02:01:50 256000 ----a-w- C:\Windows\PEV.exe
2013-11-13 02:01:50 208896 ----a-w- C:\Windows\MBR.exe
2013-11-13 01:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-12 23:00:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-12 22:37:16 -------- d-----w- C:\AdwCleaner
2013-11-07 05:04:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2013-11-03 02:04:08 -------- d-----w- C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 02:04:08 -------- d-----w- C:\ProgramData\WarThunder
2013-10-29 23:57:30 -------- d-----w- C:\Users\NikDim\openvr
2013-10-21 03:02:10 -------- d-----w- C:\Users\NikDim\AppData\Local\Apps
2013-10-18 17:58:46 -------- d-----w- C:\ProgramData\Oracle
2013-10-18 17:58:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 19:52:21 -------- d-----w- C:\Users\NikDim\AppData\Local\Opera Software
2013-10-17 19:52:20 -------- d-----w- C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 19:52:17 -------- d-----w- C:\Program Files (x86)\Opera Next
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework
2013-10-13 00:58:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6E90B08-DC8F-45FB-BEA3-D5AB3138D0D4}\mpengine.dll
2013-10-13 00:36:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-13 00:34:51 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-13 00:23:23 -------- d-----w- C:\Users\NikDim\AppData\Local\AMD
2013-10-13 00:22:50 -------- d-----w- C:\Users\NikDim\AppData\Local\ATI
2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-13 00:19:57 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-10-13 00:19:54 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-10-13 00:19:07 -------- d-----w- C:\ProgramData\AMD
2013-10-13 00:18:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-10-13 00:17:59 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-13 00:13:49 -------- d-----w- C:\ProgramData\Package Cache
2013-10-13 00:13:33 -------- d-----w- C:\Program Files\ATI
2013-10-13 00:08:56 -------- d-----w- C:\Program Files\ATI Technologies
2013-10-13 00:07:45 -------- d-----w- C:\AMD
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-15 23:28:01 -------- d-----w- C:\Users\NikDim\AppData\Local\tmd2
.
==================== Find6M  ====================
.
2013-10-22 19:52:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 00:16:46 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-06 00:04:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-01 20:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-31 00:14:10 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-31 00:14:10 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-31 00:14:00 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-31 00:14:00 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-31 00:13:58 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-31 00:13:58 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-31 00:13:56 1233080 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-31 00:13:54 1027544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-31 00:13:50 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-31 00:13:46 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-31 00:13:42 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-31 00:13:38 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-31 00:13:32 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-31 00:13:30 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-31 00:11:28 12528640 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-30 23:48:44 127488 ----a-w- C:\Windows\System32\coinst_13.152.dll
2013-08-30 23:48:04 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-30 23:47:46 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-30 23:47:40 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-30 23:47:36 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-30 23:47:30 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-30 23:47:14 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-30 23:45:04 23760896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-30 23:43:12 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-30 23:43:08 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-30 23:35:00 25387520 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-30 23:18:20 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-30 23:18:12 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-30 23:18:10 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-30 23:18:02 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-30 23:18:00 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-30 23:17:46 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-30 23:14:36 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-30 23:13:58 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-30 22:59:02 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-30 22:58:50 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-30 22:58:44 571904 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-30 22:57:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-30 22:56:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
.
============= FINISH: 21:21:01.01 ===============
 
Attach.txt:
 
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2011 17:23:03
System Uptime: 11/14/2013 20:53:39 (1 hours ago)
.
Motherboard: FOXCONN |  | 2AA9 
Processor: AMD Athlon™ II X3 445 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 760 GiB total, 321.513 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.589 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP365: 11/13/2013 00:17:20 - Malwarebytes Anti-Rootkit Restore Point
RP367: 11/13/2013 02:20:32 - Installed Microsoft Fix it 50267
RP369: 11/13/2013 06:25:38 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
RP371: 11/13/2013 06:26:06 - Removed Microsoft Visual C++ 2005 Redistributable
RP372: 11/13/2013 06:29:33 - Removed Ubisoft Game Launcher
RP374: 11/13/2013 09:48:27 - Removed Microsoft Visual C++ 2005 Redistributable (x64)
RP376: 11/13/2013 09:48:54 - Removed Microsoft Visual C++ 2005 Redistributable
RP378: 11/13/2013 09:49:28 - Removed Microsoft Visual C++ 2005 Redistributable
RP380: 11/13/2013 10:42:47 - Windows Update
RP382: 11/14/2013 04:01:58 - Windows Update
RP384: 11/14/2013 05:20:06 - Windows Update
RP385: 11/14/2013 16:57:47 - SiSoftware Sandra Lite
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco WebEx Meetings
Citrix Online Launcher
Counter-Strike: Source
CPUID CPU-Z 1.58
CPUID HWMonitor 1.23
CutePDF Writer 2.8
D3DX10
Football Manager 2014 Demo
FXLider MetaTrader
Genius PDF
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.5.0.1132
Heroes of Might and Magic IV: Winds of War
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Laser Gaming Mouse with VoodooDNA
HP Odometer
HP Product Detection
HP Support Information
INFOGRAD(Jule. 2013 ver. 1.0.1)
IrfanView (remove only)
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LabelPrint
Lightworks
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Might & Magic Heroes VI
Monkey Island™ Special Edition Collection
Mozilla Thunderbird 17.0.5 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
OpenAL
OpenOffice.org 3.3
Opera Next 18.0.1284.26
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Skype™ 6.7
Steam
swMSM
Team Fortress 2
The Elder Scrolls V: Skyrim
Tomb Raider Survival Edition Repack
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.1.0
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
11/14/2013 20:45:22, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/14/2013 20:44:57, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/14/2013 19:57:51, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/14/2013 17:55:06, Error: mbamchameleon [61440]  - 
11/14/2013 16:52:59, Error: NetBT [4321]  - The name "HPNIKTOP       :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 169.254.162.198 did not allow the name to be claimed by this computer.
11/14/2013 05:16:10, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2888505).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2876331).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2862330).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2862152).
11/13/2013 00:18:11, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
11/12/2013 23:56:54, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/11/2013 00:00:45, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

 

ComboFix.zip

mbar.zip

RKreport0_S_11142013_212815.zip

TDSS.zip
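The "Pseudo HJT Report" section of the DDS log above lists the machine policies under mPolicies-System, and those values are worth reading before deciding whether a box is safe for banking: EnableLUA = dword:0 means User Account Control is switched off entirely, ConsentPromptBehaviorAdmin = dword:0 means administrators elevate without any prompt, and PromptOnSecureDesktop = dword:0 means whatever prompts remain are not shown on the secure desktop. The script below is an added example (not code from the original post, from DDS, or from Malwarebytes): it parses those policy lines with a regular expression written for the format shown in this log and flags the values that are weaker than the Windows 7 defaults. The sample input is constructed from the lines in the post; the assumption that DDS prints dword values in hexadecimal, as .reg files do, does not affect the 0/1/3/5 values checked here.

```python
import re

# Constructed sample: the policy lines exactly as they appear in the DDS
# "Pseudo HJT Report" section of the post above.
SAMPLE_DDS = """\
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

# Matches "<u|m>Policies-<Key>: <Name> = dword:<hex>" (u = HKCU, m = HKLM).
# Assumption: DDS prints dword values in hex, like a .reg file.
POLICY_RE = re.compile(
    r"^(?P<hive>[um])Policies-(?P<key>\w+):\s*(?P<name>\w+)\s*=\s*dword:(?P<val>[0-9A-Fa-f]+)\s*$"
)

# Checks run in this fixed order. Each entry: (policy name, predicate on the
# value that is True when the setting is weak, explanation for the analyst).
# Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5,
# PromptOnSecureDesktop=1.
UAC_CHECKS = [
    ("EnableLUA", lambda v: v != 1,
     "UAC is disabled; processes of an administrator account run fully elevated"),
    ("ConsentPromptBehaviorAdmin", lambda v: v == 0,
     "administrators elevate silently with no consent prompt"),
    ("PromptOnSecureDesktop", lambda v: v != 1,
     "elevation prompts are not isolated on the secure desktop"),
]


def parse_policies(text):
    """Return {(hive, key, name): int_value} for every policy line in a DDS log."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[(m["hive"], m["key"], m["name"])] = int(m["val"], 16)
    return policies


def audit_uac(policies):
    """Return [(name, value, explanation)] for each weak HKLM UAC setting present."""
    findings = []
    for name, is_weak, why in UAC_CHECKS:
        value = policies.get(("m", "System", name))
        if value is not None and is_weak(value):
            findings.append((name, value, why))
    return findings


if __name__ == "__main__":
    for name, value, why in audit_uac(parse_policies(SAMPLE_DDS)):
        print(f"WEAK  {name} = {value}: {why}")
```

Run against the sample it reports all three UAC settings as weak, which matches the log: on this machine nothing stands between a user-level process and administrative rights, so any malware that ran under the logged-in account did not need an exploit to gain SYSTEM. A clean result from the same function on a default Windows 7 policy set returns an empty list.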


Hello AsterNik! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.


Hi Borislav, hello and all the best! I have tried to post a reply with the various antimalware tools executed on my PC after the mbar trojan 0access detection and deletion, but somehow I can't see it in the forum. Can you please analyse these files for me, attached after all the steps taken from the forum advice? They are zipped (securely!) and attached, as my previous post with a text copy of all of them somehow didn't show up in the forum post. For any paid professional services, please contact me at nidza72@gmail.com in case I would need them from your company. I am a telecom engineer, so a full 'geek' analysis of the attached files is very welcome!

BR,

Nik

P.S. - please do not advise about FDISK/reinstall! I really want to kill the pests, not just delete everything!


ComboFix.zip

DDS.zip

mbar.zip

RKreport0_S_11142013_212815.zip

TDSS.zip


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as Vuze or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, generate new, fresh DDS log files and post them in your next reply along with the other log files you already attached. Check my notes again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.


Hi, I deleted Vuze already. I also changed the username/password on my ADSL router; however, I'm not sure how to change NAT. It is from Huawei, by the way... and all ADSL subscribers here in Serbia got the same username/password for router access at 192.168.1.1!

Currently I am running: Malwarebytes PRO trial, Malwarebytes Anti-Exploit beta, avast AV + firewall. I also checked with McAfee rootkit removal; all of them show everything OK. I was also using the Sophos AV suite trial for some time but removed it as I didn't like it; it also reported no malware.

A Panda Cloud Cleaner scan before all those tools found suspicious/malware MEM.exe (in the ATI folder, but that's part of ATI CCC for the graphics card, so I uninstalled ATI/AMD CCC ;-(, but of course not the graphics drivers).

The only problem: my Steam cloud synchronization stopped working for the Skyrim game... one of the tools must have disabled it. I didn't do any of the DLC downloads for Steam games either. I also deleted one game that was cracked. I am now using IObit Uninstaller for powerful uninstalls. I checked my PayPal, Steam and World of Tanks gaming accounts; there were no fraudulent activities, no fake posts on Facebook, no email spoofing.... I will not access my banking account yet, of course! Disabled extensions and deleted history in all browsers....

OK, here is the DDS report. I disconnected from the internet, disabled avast, and stopped Malwarebytes PRO and Anti-Exploit beta while the report tool was running, and then started the tools again after the report was done.

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2

Run by NikDim at 18:50:37 on 2013-11-17

#Option Extended Search is enabled.

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2599 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe

C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll







TCP: NameServer = 192.168.1.1 0.0.0.0

TCP: Interfaces\{AA163233-FB76-46E7-A286-29B31805DBCF} : DHCPNameServer = 192.168.1.1 0.0.0.0

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs=  

SSODL: WebCheck - <orphaned>

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-17 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-17 205320]

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-12 14456]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-11-17 28184]

R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-11-17 447888]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-17 1032416]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-17 409832]

R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2013-11-16 154952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-17 38984]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-17 84328]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-17 50344]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-11-17 116776]

R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-16 2151744]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]

R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2009-12-7 11520]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 349800]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-17 38456]

S1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-11-16 62168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-17 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-17 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-11-16 2012152]

S3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2011-6-18 10880]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-12 39504]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-17 25928]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]

S3 NisSrv;NisSrv;"c:\Program Files\Microsoft Security Client\NisSrv.exe" --> c:\Program Files\Microsoft Security Client\NisSrv.exe [?]

S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-11-16 47632]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]

S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-6-18 627744]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]

S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]

S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2013-11-16 25608]

.

=============== Created Last 60 ================

.

2013-11-17 07:53:36 -------- d-----w- C:\Users\NikDim\AppData\Roaming\WordWeb

2013-11-17 07:36:38 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2013-11-17 07:35:58 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-11-17 02:43:55 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-17 02:12:18 -------- d-----w- C:\Users\NikDim\AppData\Roaming\AVAST Software

2013-11-17 02:11:25 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-11-17 02:11:25 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-11-17 02:11:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-11-17 02:11:25 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-11-17 02:11:25 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-11-17 02:11:22 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2013-11-17 02:11:16 43152 ----a-w- C:\Windows\avastSS.scr

2013-11-17 02:11:05 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys

2013-11-17 02:10:47 -------- d-----w- C:\Program Files\AVAST Software

2013-11-17 02:09:26 -------- d-----w- C:\ProgramData\AVAST Software

2013-11-17 02:05:53 -------- d-----w- C:\CCE_Quarantine

2013-11-16 23:18:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-11-16 23:18:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-16 22:45:17 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll

2013-11-16 22:45:17 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll

2013-11-16 22:45:16 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll

2013-11-16 22:45:16 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll

2013-11-16 22:45:16 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit

2013-11-16 21:35:08 47632 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys

2013-11-16 21:34:58 -------- d-----w- C:\Program Files (x86)\Panda Security

2013-11-16 19:09:53 -------- d-----w- C:\Users\NikDim\AppData\Roaming\IObit

2013-11-16 19:09:52 -------- d-----w- C:\ProgramData\IObit

2013-11-16 19:09:51 -------- d-----w- C:\ProgramData\ProductData

2013-11-16 19:09:49 -------- d-----w- C:\Program Files (x86)\IObit

2013-11-16 02:18:05 -------- d-----w- C:\Users\NikDim\AppData\Local\Sophos

2013-11-16 01:53:50 -------- d-sh--w- C:\$RECYCLE.BIN

2013-11-16 01:22:08 -------- d-----w- C:\Program Files (x86)\Common Files\Sophos

2013-11-16 01:21:49 37880 ----a-w- C:\Windows\System32\sophosboottasks.exe

2013-11-16 01:21:37 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems

2013-11-16 01:18:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys

2013-11-16 01:18:14 154952 ----a-w- C:\Windows\System32\drivers\savonaccess.sys

2013-11-16 01:18:08 -------- d-----w- C:\escw_103_sa

2013-11-16 00:10:47 -------- d-----w- C:\ProgramData\Sophos

2013-11-16 00:09:54 -------- d-----w- C:\Program Files (x86)\Sophos

2013-11-15 23:30:37 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9586FD7B-0C5C-4C1A-B01F-D255FCF75277}\mpengine.dll

2013-11-15 22:39:50 -------- d-----w- C:\Users\NikDim\Doctor Web

2013-11-15 06:02:21 -------- d-----w- C:\Windows\ERUNT

2013-11-15 02:34:50 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-14 19:47:04 -------- d-----w- C:\Users\NikDim\AppData\Local\temp

2013-11-14 03:12:42 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5B0126-4438-4F2F-AE90-5ECE0FB53868}\gapaengine.dll

2013-11-14 03:07:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-11-14 03:07:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll

2013-11-14 03:05:29 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2013-11-14 03:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-11-14 03:04:37 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-11-14 03:01:18 197120 ----a-w- C:\Windows\System32\credui.dll

2013-11-14 03:01:18 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-11-14 03:01:18 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-11-14 03:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-11-14 03:01:18 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-11-14 03:01:18 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-11-13 09:42:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-11-13 09:41:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2013-11-13 09:41:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll

2013-11-13 01:51:52 -------- d-----w- C:\TDSSKiller_Quarantine

2013-11-07 05:04:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll

2013-11-03 02:04:08 -------- d-----w- C:\Users\NikDim\AppData\Local\WarThunder

2013-11-03 02:04:08 -------- d-----w- C:\ProgramData\WarThunder

2013-10-29 23:57:30 -------- d-----w- C:\Users\NikDim\openvr

2013-10-21 03:02:10 -------- d-----w- C:\Users\NikDim\AppData\Local\Apps

2013-10-18 17:58:46 -------- d-----w- C:\ProgramData\Oracle

2013-10-18 17:58:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-17 19:52:21 -------- d-----w- C:\Users\NikDim\AppData\Local\Opera Software

2013-10-17 19:52:20 -------- d-----w- C:\Users\NikDim\AppData\Roaming\Opera Software

2013-10-17 19:52:17 -------- d-----w- C:\Program Files (x86)\Opera Next

2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor

2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root

2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework

2013-10-13 00:58:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6E90B08-DC8F-45FB-BEA3-D5AB3138D0D4}\mpengine.dll

2013-10-13 00:36:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-10-13 00:34:51 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2013-10-13 00:23:23 -------- d-----w- C:\Users\NikDim\AppData\Local\AMD

2013-10-13 00:22:50 -------- d-----w- C:\Users\NikDim\AppData\Local\ATI

2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin

2013-10-13 00:19:57 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-10-13 00:19:54 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-10-13 00:19:07 -------- d-----w- C:\ProgramData\AMD

2013-10-13 00:18:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-10-13 00:13:49 -------- d-----w- C:\ProgramData\Package Cache

2013-10-13 00:13:33 -------- d-----w- C:\Program Files\ATI

2013-10-13 00:07:45 -------- d-----w- C:\AMD

2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe

2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe

2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe

2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe

2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe

2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

.

==================== Find6M  ====================

.

2013-10-22 19:52:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll

2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll

2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll

2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe

2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe

2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll

2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe

2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll

2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-06 00:16:46 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-09-06 00:04:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-09-01 20:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-08-31 00:14:10 156712 ----a-w- C:\Windows\System32\amdhcp64.dll

2013-08-31 00:14:10 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll

2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll

2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-08-31 00:14:00 142792 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-08-31 00:14:00 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-08-31 00:13:58 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-08-31 00:13:58 114488 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-08-31 00:13:56 1233080 ----a-w- C:\Windows\System32\aticfx64.dll

2013-08-31 00:13:54 1027544 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-08-31 00:13:50 9464840 ----a-w- C:\Windows\System32\atidxx64.dll

2013-08-31 00:13:46 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-08-31 00:13:42 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-08-31 00:13:38 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-08-31 00:13:32 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-08-31 00:13:30 7256496 ----a-w- C:\Windows\System32\atiumd64.dll

2013-08-31 00:11:28 12528640 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-08-30 23:48:44 127488 ----a-w- C:\Windows\System32\coinst_13.152.dll

2013-08-30 23:48:04 229376 ----a-w- C:\Windows\System32\clinfo.exe

2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

2013-08-30 23:47:46 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-08-30 23:47:40 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-08-30 23:47:36 86528 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-08-30 23:47:30 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-08-30 23:47:14 28192256 ----a-w- C:\Windows\System32\amdocl64.dll

2013-08-30 23:45:04 23760896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-08-30 23:43:12 63488 ----a-w- C:\Windows\System32\OpenCL.dll

2013-08-30 23:43:08 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-08-30 23:35:00 25387520 ----a-w- C:\Windows\System32\atio6axx.dll

2013-08-30 23:18:20 368640 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-08-30 23:18:12 62464 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-08-30 23:18:10 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-08-30 23:18:02 55808 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-08-30 23:18:00 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-08-30 23:17:46 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-08-30 23:14:36 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-08-30 23:13:58 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-08-30 22:59:02 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-08-30 22:58:50 26112 ----a-w- C:\Windows\System32\atimuixx.dll

2013-08-30 22:58:44 571904 ----a-w- C:\Windows\System32\atieclxx.exe

2013-08-30 22:57:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-08-30 22:56:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll

.

============= FINISH: 18:51:14.09 ===============

 

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 6/17/2011 17:23:03

System Uptime: 11/17/2013 08:54:44 (10 hours ago)

.

Motherboard: FOXCONN |  | 2AA9 

Processor: AMD Athlon II X3 445 Processor | CPU 1 | 3100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 760 GiB total, 353.481 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.589 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP395: 11/16/2013 02:24:50 - Installed Sophos AutoUpdate

RP397: 11/16/2013 18:57:48 - Removed Sophos Client Firewall

RP399: 11/16/2013 19:08:00 - Removed Sophos AutoUpdate

RP401: 11/16/2013 19:09:47 - Removed Sophos Anti-Virus

RP403: 11/16/2013 19:10:42 - Removed Sophos Virus Removal Tool.

RP405: 11/16/2013 19:15:38 - Removed Sophos Anti-Virus

RP407: 11/16/2013 19:30:57 - Removed Sophos Anti-Virus

RP409: 11/16/2013 19:52:32 - Removed Sophos Anti-Virus

RP411: 11/16/2013 20:05:14 - Removed Sophos Anti-Virus

RP413: 11/16/2013 20:07:01 - Removed Sophos Anti-Virus

RP415: 11/16/2013 20:12:28 - Removed Sophos Anti-Virus

RP417: 11/16/2013 23:30:39 - Removed Microsoft .NET Framework 1.1

RP419: 11/16/2013 23:36:47 - Windows Update

RP420: 11/17/2013 03:10:34 - avast! antivirus system restore point

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? Windows Live

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Adobe Shockwave Player 12.0

AMD Accelerated Video Transcoding

AMD Catalyst Install Manager

AMD Media Foundation Decoders

avast! Internet Security

Catalyst Control Center InstallProxy

Cisco WebEx Meetings

Citrix Online Launcher

Counter-Strike: Source

CPUID CPU-Z 1.58

CPUID HWMonitor 1.23

D3DX10

Football Manager 2014 Demo

Genius PDF

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 5.5.0.1132

Heroes of Might and Magic IV: Winds of War

Hewlett-Packard ACLM.NET v1.1.1.0

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Laser Gaming Mouse with VoodooDNA

HP Odometer

HP Product Detection

HP Support Information

IObit Uninstaller

IrfanView (remove only)

Java 7 Update 45

Java Auto Updater

Junk Mail filter update

LabelPrint

Lightworks

Malwarebytes Anti-Exploit version 0.09.4.2000

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Security Client

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Might & Magic Heroes VI

Mozilla Maintenance Service

Mozilla Thunderbird 24.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

NVIDIA 3D Vision Controller Driver

OpenAL

OpenOffice.org 3.3

Opera Next 18.0.1284.26

Panda Cloud Cleaner

PlayReady PC Runtime amd64

Power2Go

PowerDirector

Realtek High Definition Audio Driver

Recovery Manager

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft .NET Framework 4.5 (KB2833957)

Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)

Security Update for Microsoft .NET Framework 4.5 (KB2861208)

Skype™ 6.7

Steam

swMSM

The Elder Scrolls V: Skyrim

Total Commander (Remove or Repair)

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft .NET Framework 4.5 (KB2805221)

Update for Microsoft .NET Framework 4.5 (KB2805226)

VLC media player 2.1.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 5.00 (64-bit)

WordWeb

.

==== Event Viewer Messages From Past Week ========

.

11/17/2013 08:55:02, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2147024894

11/17/2013 08:50:51, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

11/17/2013 08:48:29, Error: mbamchameleon [61440]  - 

11/17/2013 03:50:45, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

11/17/2013 03:50:45, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/17/2013 03:11:23, Error: Service Control Manager [7030]  - The avast! Antivirus service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

11/17/2013 03:07:11, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.

11/16/2013 22:35:08, Error: Application Popup [1060]  - \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/16/2013 04:21:36, Error: Service Control Manager [7030]  - The Sophos Client Firewall service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

11/16/2013 04:21:36, Error: Service Control Manager [7030]  - The Sophos Client Firewall Manager service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

11/16/2013 03:06:14, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Sophos Anti-Virus service, but this action failed with the following error:  An instance of the service is already running.

11/16/2013 03:06:13, Error: Service Control Manager [7031]  - The Sophos Anti-Virus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 500 milliseconds: Restart the service.

11/15/2013 21:45:37, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{744D42D3-299D-466D-A4E3-615465D08EAF}' was corrupted and it has been recovered. Some data might have been lost.

11/15/2013 21:43:57, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C6216B34-F045-4D27-ADE5-0E0A91FE39FD}' was corrupted and it has been recovered. Some data might have been lost.

11/15/2013 21:42:18, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2A4FA1F8-B9E3-443C-8347-02CC5A268A69}' was corrupted and it has been recovered. Some data might have been lost.

11/15/2013 21:40:34, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D0F5E94D-9BB1-483D-9CAC-769C16E33812}' was corrupted and it has been recovered. Some data might have been lost.

11/15/2013 21:34:15, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F8563A94-9B77-4469-BD76-852F78B99B98}' was corrupted and it has been recovered. Some data might have been lost.

.

==== End Of File ===========================