Jump to content

Kaspersky and Malwarebyte are acting strangely.


Recommended Posts

This morning I started my PC and my Kaspersky kept blocking .tmp files starting with DN and following with a few random letters and numbers. I did a full scan and removed every threat, ran CCleaner, and cleaned my temp-folder and then restarted my PC. To make sure I downloaded Malwarebytes and ran a full scan and it found 15 additional threats (about 10 were from a Toolbar called "SweetIM", another one was a .dll in the Risk of Rain game folder in my Steam folder and 3 others I couldn't recognize.) - Just to make sure I removed all those too and now Malwarebytes keeps notifying me about blocking an attempt to visit a website. It reads "162.210.192.21 (Type: outgoing, Port: 50111, Process: avp.exe)" - I'm not sure if I'm infected but I guess I am? I then downloaded on advice of a friend a program called dds.scr. These are the following logs:

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Raito at 17:55:40 on 2013-12-28
Microsoft Windows 7 eXtreme   6.1.7601.1.1252.49.1031.18.8175.5180 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_39.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_39.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyServer = localhost:21320
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
uRun: [ASRockOCTuner] <no file>
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [GamingKeyboard] "C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoThumbnailCache = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{89DB8E41-4E61-4F89-8CCA-749A6CB12969} : DHCPNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\zoomex\sprote~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MsmqIntCert] regsvr32 /s mqrt.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\m6rtqjiu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\sascha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\sascha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_39.dll
FF - ExtSQL: 2013-11-10 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\m6rtqjiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-15 21:34; jid1-QpHD8URtZWJC2A@jetpack; C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\m6rtqjiu.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF - ExtSQL: 2013-11-29 17:11; google@hitachi.com; C:\Users\sascha\AppData\Roaming\Mozilla\Firefox\Profiles\m6rtqjiu.default\extensions\google@hitachi.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.id - 0ed911c8000000000000bc5ff43550e5
FF - user.js: extensions.Softonic.instlDay - 15562
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.418:13:16
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - INF1205T01
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-5-16 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-5-16 42624]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-9-21 49760]
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2012-5-16 31016]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-16 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-5-29 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-5-16 15936]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 206448]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-28 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-28 701512]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-16 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-28 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-5-16 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-16 565352]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-11 99384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-5-16 32320]
S3 GameKB;SHARKOON Skiller;C:\Windows\System32\drivers\GameKB.sys [2013-11-23 27648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-13 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-11 203320]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-6-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-13 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
.
=============== Created Last 30 ================
.
2013-12-28 14:02:01    --------    d-----w-    C:\Users\sascha\AppData\Roaming\Malwarebytes
2013-12-28 14:01:08    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-28 14:01:07    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-28 14:01:07    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 18:08:16    --------    d-----w-    C:\Program Files (x86)\Hearthstone
2013-12-20 18:02:06    --------    d-----w-    C:\Users\sascha\AppData\Local\Blizzard
2013-12-20 17:44:33    --------    d-----w-    C:\Users\sascha\AppData\Local\Blizzard Entertainment
2013-12-20 17:44:32    --------    d-----w-    C:\Users\sascha\AppData\Roaming\Battle.net
2013-12-20 17:44:32    --------    d-----w-    C:\Users\sascha\AppData\Local\Battle.net
2013-12-20 17:44:25    --------    d-----w-    C:\Program Files (x86)\Battle.net
2013-12-14 22:32:28    --------    d-----w-    C:\Users\sascha\AppData\Local\Apple Computer
2013-12-14 22:31:33    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-14 22:30:41    --------    d-----w-    C:\Users\sascha\AppData\Local\Apple
2013-12-14 22:30:17    --------    d-----w-    C:\Program Files\Bonjour
2013-12-14 22:30:17    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-12-12 15:59:22    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 15:59:22    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 15:59:21    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-12 15:59:21    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-12 01:12:20    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-09 19:49:59    --------    d-----w-    C:\Program Files (x86)\Rockstar Games
2013-12-07 04:00:44    --------    d-----w-    C:\ProgramData\Oracle
2013-12-07 04:00:24    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-06 14:10:56    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
2013-11-30 21:57:52    --------    d-----w-    C:\Users\sascha\AppData\Local\CSDSteamBuild
.
==================== Find3M  ====================
.
2013-12-18 08:19:58    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 08:19:58    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 17:56:25,30 ===============

 

 

and attach:

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 eXtreme
Boot Device: \Device\HarddiskVolume1
Install Date: 16.05.2012 02:24:11
System Uptime: 28.12.2013 17:13:44 (0 hours ago)
.
Motherboard: ASRock |  | 970DE3/U3S3
Processor: AMD FX-4100 Quad-Core Processor             | CPUSocket | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 348 GiB total, 28,566 GiB free.
D: is FIXED (NTFS) - 117 GiB total, 40,039 GiB free.
E: is CDROM ()
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Acrobat.com
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.8) - Deutsch
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Any Video Converter 3.3.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock IES v2.1.40
ASRock InstantBoot v1.29
ASRock OC Tuner v2.4.73
ASRock XFast RAM v2.0.9
Awesomenauts
Bandisoft MPEG-1 Decoder
Bastion
Batman: Arkham Asylum GOTY Edition
Battle.net
BitTorrent
Bonjour
Bunny Must Die! Chelsea and the 7 Devils
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
DAEMON Tools Lite
Dark Souls: Prepare to Die Edition
Defraggler
Devil May Cry 4
Diablo III
Dishonored
Dolphin 4.0
Dual-Core Optimizer
Dungeon Defenders
Dungeonland
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX430 Series Printer Uninstall
EpsonNet Print
Facebook Video Calling 1.2.0.287
Fallout 3 - Game of the Year Edition
FINAL FANTASY VII
Fraps (remove only)
FTL: Faster Than Light
Futuremark SystemInfo
Garry's Mod
Half Minute Hero: Super Mega Neo Climax Ultimate Boy
HashCheck Shell Extension (x86-64)
Hearthstone
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HydraVision
ImgBurn
Java 7 Update 45
Java Auto Updater
Java 7 Update 5 (64-bit)
JavaFX 2.1.0
JDownloader 0.9
Kaspersky Anti-Virus 2012
Kaspersky Internet Security 2012
L.A. Noire
League of Legends
Left 4 Dead 2
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Mark of the Ninja
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access database engine 2007 (German)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 26.0 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 de)
MSVCRT
Natural Selection 2
Nexon Game Manager
NVIDIA PhysX
OpenOffice.org 3.4.1
Orcs Must Die! 2
Path of Exile
Plants vs. Zombies: Game of the Year
Prototype
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
Risk of Rain
Rockstar Games Social Club
Rogue Legacy
Saints Row: The Third
SAMSUNG USB Driver for Mobile Phones
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHARKOON Skiller
Shutdown Timer
Sid Meier's Civilization V
Six Updater
Skullgirls
Skype™ 6.11
Snapshot
Sonic & All-Stars Racing Transformed
Sonic Adventure DX
Sonic Adventure™ 2
Sonic Generations
Source SDK Base 2007
Spelunky
Starbound
Steam
Super Meat Boy
System Requirements Lab CYRI
TeamSpeak 3 Client
TERA
Terraria
The Binding of Isaac
The Elder Scrolls V: Skyrim
THX TruStudio
TikiOne Steam Cleaner
Toolbar 4.7 by SweetPacks
Torchlight
Trine
Trine 2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VLC media player 2.1.1
Warframe
WBFS Manager 3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR 4.11 (64-Bit)
XFastUSB
Ys Origin
Ys: The Oath in Felghana
.
==== End Of File ===========================

 

Link to post
Share on other sites

Hello and :welcome: , Raito:
 
It sounds as if you might be infected.
We cannot review scan logs or work on malware removal in this particular section of the forum.

 

I would suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will guide you through the cleanup process.

Thanks,

daledoc1
 
 
P.S. What is Microsoft Windows 7 eXtreme   6.1.7601.1.1252.49.1031.18.8175.5180 [GMT 1:00]???  You might want to read this pinned topic: Piracy.

Link to post
Share on other sites

  • Root Admin

I'm sorry but you'll need to contact Microsoft to get the system updated as a legal OS in order for us to assist you.

Regardless of who did it this is still a pirated version of Windows which prevents us from further assisting you with it.

Microsoft does offer a reduced price method to obtain a legal license for Windows.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.