Very Bad evasive Trojan Infection

36 replies to this topic

#16 The Dark Knight
Posted 13 June 2013 - 04:35 PM

Hello Slayer90,

Thank you for those logs.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.


#17 Slayer90
Posted 13 June 2013 - 08:50 PM

OTL logfile created on: 6/13/2013 6:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alfred\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 73.37% Memory free
5.73 Gb Paging File | 4.90 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203.49 Gb Total Space | 80.10 Gb Free Space | 39.36% Space Free | Partition Type: NTFS
Drive E: | 2.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ALFRED-PC | User Name: Alfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/13 18:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alfred\Desktop\OTL.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/12/06 04:12:18 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/12/06 04:11:46 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/11 18:11:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 15:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/05 23:30:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/12/06 04:11:46 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Alfred\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/05/09 01:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 01:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 01:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/28 13:52:04 | 000,070,824 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2012/12/28 13:52:04 | 000,034,984 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/02/08 23:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/12/23 10:52:10 | 000,090,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/12/06 04:44:24 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/12/06 03:11:52 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 22 64 AC 29 1A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: " http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/10 17:08:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/03/05 22:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\Mozilla\Extensions
[2013/06/10 17:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\extensions
[2013/06/10 17:24:01 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/10 17:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/10 17:22:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/06/10 17:31:16 | 000,001,495 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BitTorrent] C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E06D39C-22A2-47C8-8B09-3047A290ADEE}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/11 20:47:03 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 18:31:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alfred\Desktop\OTL.exe
[2013/06/12 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Roaming\Publish Providers
[2013/06/12 18:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/06/12 18:38:36 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Local\Sony
[2013/06/12 18:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/06/12 18:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/06/12 18:32:06 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Roaming\Sony
[2013/06/12 10:39:44 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/12 10:39:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/12 10:36:12 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/12 10:36:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/12 10:36:11 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/12 10:36:09 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/12 10:36:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/12 10:36:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/12 10:36:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/12 10:36:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/12 10:34:55 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/12 10:34:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/12 10:34:43 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/12 10:34:42 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/10 18:43:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/10 17:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/06/10 17:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/10 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/10 17:15:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/10 17:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/10 17:08:50 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/10 17:08:50 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/06/10 17:08:49 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/06/10 17:08:49 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/06/10 17:08:48 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/10 17:08:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/06/10 17:08:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/10 12:29:29 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/06/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013/06/10 09:51:09 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Roaming\ImgBurn
[2013/06/10 09:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/06/10 09:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/06/10 03:13:59 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/06/08 15:43:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2013/06/08 15:43:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/08 14:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/07 22:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Paltiosoft
[2013/06/05 17:14:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/24 08:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/05/22 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/22 11:07:40 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/22 11:07:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/22 11:07:35 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/22 11:07:35 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/05/21 22:50:59 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013/05/21 22:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\psx emulation cheater
[2013/05/21 13:59:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/05/18 10:58:14 | 000,000,000 | ---D | C] -- C:\Users\Alfred\Desktop\RK_Quarantine
[2013/05/17 20:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2013/05/17 19:24:04 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/05/17 19:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/05/17 17:50:33 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Local\temp
[2013/05/17 13:48:56 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/17 13:48:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/17 08:56:30 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/15 16:55:50 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/15 16:55:49 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 16:55:41 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 16:55:41 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 18:31:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alfred\Desktop\OTL.exe
[2013/06/13 18:12:48 | 000,016,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 18:12:48 | 000,016,864 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 18:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/13 10:19:10 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/13 10:19:10 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/13 10:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/13 10:12:36 | 2307,821,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 18:39:24 | 000,001,062 | ---- | M] () -- C:\Users\Alfred\Desktop\Vegas Pro 11.0.lnk
[2013/06/11 18:11:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 18:11:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/10 21:29:48 | 000,001,260 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/06/10 17:31:16 | 000,001,495 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/10 17:22:06 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/10 17:15:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 17:08:51 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/10 17:08:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/10 17:06:41 | 117,478,104 | ---- | M] () -- C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe
[2013/06/08 15:43:00 | 003,624,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/08 15:41:24 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/08 04:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/22 20:05:06 | 000,001,497 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_271
[2013/05/22 11:07:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/05/22 11:07:24 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/05/22 11:07:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/05/22 11:07:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/05/22 11:07:23 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/05/22 11:07:23 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/05/21 22:50:59 | 000,001,907 | ---- | M] () -- C:\Users\Alfred\Desktop\psx emulation cheater.lnk
[2013/05/21 22:47:11 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/05/20 16:33:30 | 000,031,636 | ---- | M] () -- C:\Users\Public\Documents\Backup Memory Cards.rar
[2013/05/18 13:38:23 | 000,001,485 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_860
[2013/05/17 17:48:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_496
[2013/05/16 18:26:04 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/16 18:25:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 18:25:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 18:25:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 18:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/16 18:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/16 18:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/12 20:17:39 | 000,001,062 | ---- | C] () -- C:\Users\Alfred\Desktop\Vegas Pro 11.0.lnk
[2013/06/10 21:19:37 | 000,001,260 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/06/10 17:22:06 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/10 17:22:04 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/10 17:15:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/10 17:08:51 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/10 17:08:47 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/10 17:08:47 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/06/10 17:05:32 | 117,478,104 | ---- | C] () -- C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe
[2013/05/23 16:49:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2013/05/21 22:50:59 | 000,001,907 | ---- | C] () -- C:\Users\Alfred\Desktop\psx emulation cheater.lnk
[2013/05/21 22:47:11 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2013/05/20 16:33:30 | 000,031,636 | ---- | C] () -- C:\Users\Public\Documents\Backup Memory Cards.rar
[2013/03/16 14:55:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/16 14:55:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/16 14:55:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/16 14:55:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/16 14:55:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/05 23:17:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/19 08:18:48 | 000,202,904 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/12/06 03:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/12/06 03:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/11/14 20:47:24 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/13 00:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/06/13 10:12:36 | 2307,821,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/13 10:12:37 | 3077,095,424 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-06-12 17:40:40
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:1CE11B51

< End of report >
 


OTL Extras logfile created on: 6/13/2013 6:33:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alfred\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.87 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 73.37% Memory free
5.73 Gb Paging File | 4.90 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203.49 Gb Total Space | 80.10 Gb Free Space | 39.36% Space Free | Partition Type: NTFS
Drive E: | 2.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: ALFRED-PC | User Name: Alfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2805F0CC-1D0C-493B-89E8-FAAE94E0A2BE}" = protocol=17 | dir=in | app=c:\users\alfred\appdata\roaming\bittorrent\bittorrent.exe |
"{47853DDE-5EEE-4917-A987-DFF382E92167}" = protocol=6 | dir=in | app=c:\users\alfred\appdata\roaming\bittorrent\bittorrent.exe |
"{49099D39-B1A8-413F-9486-63E653A4217D}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{75911E4C-56B7-4D15-AE7F-4E4A435B83DD}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
"{A15F5227-F9F1-42F0-BC2A-1F2A82C93A2C}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{B25A8E43-A339-4400-A9B9-84E7A10ABD50}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{32A3A4F4-B792-11D6-A78A-00B0D0170210}" = Java SE Development Kit 7 Update 21
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}" = Vegas Pro 11.0
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PowerISO" = PowerISO
"Speakonia_is1" = Speakonia
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"YU2010_is1" = Your Uninstaller! 2010
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswFsBlk.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswMonFlt.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswRdr.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswRvrt.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswSnx.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswSP.  System Error: The system cannot find the file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary avast! Network Shield Support.  System Error: The system cannot find the
 file specified.  .
 
Error - 6/10/2013 8:02:20 PM | Computer Name = Alfred-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary aswVmm.  System Error: The system cannot find the file specified.  .
 
Error - 6/12/2013 1:29:25 AM | Computer Name = Alfred-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
 stamp: 0x518ec3cc  Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
 0x518ec306  Exception code: 0xc0000005  Fault offset: 0x001c9789  Faulting process id:
 0xd38  Faulting application start time: 0x01ce672d7352b3f3  Faulting application path:
 C:\Program Files\Mozilla Firefox\firefox.exe  Faulting module path: C:\Program Files\Mozilla
 Firefox\xul.dll  Report Id: 0aa5698d-d321-11e2-a87d-386077835b4f
 
Error - 6/12/2013 9:38:28 PM | Computer Name = Alfred-PC | Source = MsiInstaller | ID = 11935
Description = Product: MSVCRT Redists -- Error 1935. An error occurred during the
 installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'.
 Please refer to Help and Support for more information. HRESULT: 0x80070003. assembly
 interface: IAssemblyCache, function: CreateAssemblyCacheItem, component: {A75F2217-AD54-3EA6-AE14-F255F8660531}
 
[ System Events ]
Error - 6/10/2013 7:42:51 PM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80070420'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/10/2013 8:26:48 PM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/10/2013 9:31:42 PM | Computer Name = Alfred-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/10/2013 9:36:02 PM | Computer Name = Alfred-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/10/2013 9:41:13 PM | Computer Name = Alfred-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 6/11/2013 12:33:26 AM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80070420'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/12/2013 1:20:36 PM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/12/2013 3:51:58 PM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/13/2013 1:12:56 PM | Computer Name = Alfred-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
 encountered error '0x80004005'. Verify that the UPnPHost service is running and
 that the UPnPHost component of Windows is installed properly.
 
Error - 6/13/2013 1:18:11 PM | Computer Name = Alfred-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
 
< End of report >
 



#18 The Dark Knight
    Malware Vigilante
  • Members
  • 651 posts
  • Gender:Male

Posted 14 June 2013 - 03:59 AM

Good evening Slayer90,

 

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

 

OTL didn't show anything particularly suspicious. I do notice, however, that you appear to have emulators and BitTorrent. These programs (and the sites you get them from) aren't considered safe (this is true for most) and it is possible you acquired the infection from one of these places. In saying that, the logs so far are not showing signs of an infection.

 

Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • This is the mirror - [download link]
  • For 64-bit Operating System - [download link]
  • This is the mirror - [download link]
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".

 

=====

 

In your reply please provide the contents of the OTL fix log and the results from HitmanPro.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.
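For readers who want to see what the O6/O7 lines in the fix above actually refer to, here is an added PowerShell audit. It is not from this thread and not part of OTL: it lists every value stored under the two Internet Explorer policy keys OTL reported as "present" and writes a .reg backup of each key before any cleanup tool deletes it. The backup folder under the user's Desktop and the two helper function names are my own choices.

```powershell
# Added example, not from this thread and not part of OTL: read-only audit of the two
# Internet Explorer policy keys that OTL reported as "present" (O6 / O7 in the fix above),
# plus a .reg backup of each key so the original state can be restored if needed.
# Assumption (mine): backups go to $env:USERPROFILE\Desktop\policy-backup.

$policyKeys = @(
    'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions',   # OTL line O6
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'   # OTL line O7
)

function Show-PolicyKey {
    param([Parameter(Mandatory=$true)][string]$PsPath)

    # A missing key is the normal state on a home PC: no policy has been applied.
    if (-not (Test-Path -LiteralPath $PsPath)) {
        Write-Output "$PsPath : not present"
        return
    }

    $key = Get-Item -LiteralPath $PsPath
    Write-Output "$PsPath : PRESENT ($($key.ValueCount) value(s))"
    foreach ($name in $key.GetValueNames()) {
        $kind = $key.GetValueKind($name)
        $data = $key.GetValue($name)
        # Policy restrictions are normally DWORD values; 1 means the restriction is on.
        Write-Output ("    {0,-40} {1,-10} {2}" -f $name, $kind, $data)
    }
}

function Export-PolicyKey {
    param(
        [Parameter(Mandatory=$true)][string]$PsPath,
        [Parameter(Mandatory=$true)][string]$OutDir
    )
    if (-not (Test-Path -LiteralPath $PsPath)) { return $null }

    # reg.exe expects HKLM\..., not the PowerShell drive form HKLM:\...
    $regPath  = $PsPath -replace '^HK(LM|CU):\\', 'HK$1\'
    $fileName = ($regPath -replace '[\\: ]', '_') + '.reg'
    $outFile  = Join-Path -Path $OutDir -ChildPath $fileName

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    & reg.exe export $regPath $outFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "reg.exe export failed for $regPath (exit code $LASTEXITCODE)"
        return $null
    }
    return $outFile
}

$backupDir = Join-Path -Path $env:USERPROFILE -ChildPath 'Desktop\policy-backup'

foreach ($k in $policyKeys) {
    Show-PolicyKey -PsPath $k
    $saved = Export-PolicyKey -PsPath $k -OutDir $backupDir
    if ($saved) { Write-Output "    backed up to $saved" }
}
```

Run it from an elevated PowerShell prompt before applying the OTL fix; the HKLM key cannot be exported reliably without administrator rights. Nothing is deleted, so the output can be pasted into a reply as-is, and a later `reg.exe import` of the saved file restores the key if a value turns out to have been set deliberately by the user's own software.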




#19 Slayer90
  • Topic Starter
  • Members
  • 209 posts

Posted 14 June 2013 - 01:05 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alfred
->Temp folder emptied: 41870 bytes
->Temporary Internet Files folder emptied: 6837005 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16025054 bytes
->Flash cache emptied: 506 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18217088 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 39.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06142013_105441

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\sigBEBC.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#20 Slayer90
  • Topic Starter
  • Members
  • 209 posts

Posted 14 June 2013 - 01:18 PM

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : ALFRED-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Alfred-PC\Alfred
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-14 11:14:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 51s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 796,522
   Files scanned . . . . : 15,317
   Remnants scanned  . . : 261,097 files / 520,108 keys
 

#21 Slayer90
  • Topic Starter
  • Members
  • 209 posts

Posted 14 June 2013 - 03:46 PM

My computer symptoms had not disappeared. Internet browsers such as Firefox or Internet Explorer (but I only use Firefox unless browsers fail to start) both tend to slow down or freeze; I can still move my cursor but it's stuck in a loading circle, then the browsers exit on their own.


Edited by Slayer90, 14 June 2013 - 03:47 PM.


#22 The Dark Knight
    Malware Vigilante
  • Members
  • 651 posts
  • Gender:Male

Posted 14 June 2013 - 05:59 PM

Hello Slayer90. :)

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#23 Slayer90
  • Topic Starter
  • Members
  • 209 posts

Posted 14 June 2013 - 11:01 PM

ComboFix 13-06-13.01 - Alfred 06/14/2013  20:35:15.47.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.1891 [GMT -7:00]
Running from: c:\users\Alfred\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-15 to 2013-06-15  )))))))))))))))))))))))))))))))
.
.
2013-06-15 03:44 . 2013-06-15 03:44    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-06-15 03:44 . 2013-06-15 03:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-14 18:07 . 2013-06-14 18:17    --------    d-----w-    c:\programdata\HitmanPro
2013-06-14 17:54 . 2013-06-14 17:54    --------    d-----w-    C:\_OTL
2013-06-13 01:52 . 2013-06-13 01:52    --------    d-----w-    c:\users\Alfred\AppData\Roaming\Publish Providers
2013-06-13 01:38 . 2013-06-13 01:47    --------    d-----w-    c:\users\Alfred\AppData\Local\Sony
2013-06-13 01:38 . 2013-06-13 01:38    --------    d-----w-    c:\programdata\Sony
2013-06-13 01:38 . 2013-06-13 01:38    --------    d-----w-    c:\program files\Sony
2013-06-13 01:32 . 2013-06-13 03:22    --------    d-----w-    c:\users\Alfred\AppData\Roaming\Sony
2013-06-12 17:39 . 2013-06-08 11:13    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-12 17:39 . 2013-06-08 11:41    218112    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 17:34 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-06-12 17:34 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-12 17:34 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-06-12 17:34 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-12 17:34 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-06-12 17:34 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-06-12 17:34 . 2013-05-06 05:06    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-06-12 17:34 . 2013-05-06 05:06    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-12 17:34 . 2013-05-08 05:38    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-11 00:22 . 2013-06-11 00:22    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-06-11 00:15 . 2013-04-04 21:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-11 00:08 . 2013-05-09 08:59    368944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-06-11 00:08 . 2013-05-09 08:59    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-06-11 00:08 . 2013-05-09 08:59    61680    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-06-11 00:08 . 2013-05-09 08:59    56080    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-06-11 00:08 . 2013-05-09 08:59    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-11 00:08 . 2013-05-09 08:59    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-06-11 00:08 . 2013-05-09 08:59    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-11 00:08 . 2013-05-09 08:59    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-06-11 00:08 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-06-10 19:29 . 2013-06-11 00:24    --------    d-----r-    C:\Sandbox
2013-06-10 19:28 . 2013-06-11 04:31    --------    d-----w-    c:\program files\Sandboxie
2013-06-10 16:51 . 2013-06-10 16:55    --------    d-----w-    c:\users\Alfred\AppData\Roaming\ImgBurn
2013-06-10 16:50 . 2013-06-11 00:24    --------    d-----w-    c:\program files\ImgBurn
2013-06-10 10:13 . 2013-06-10 12:10    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2013-06-08 22:43 . 2013-06-12 17:39    --------    d-----w-    c:\windows\system32\catroot2
2013-06-08 21:11 . 2013-06-13 00:15    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 05:03 . 2013-06-08 05:24    --------    d-----w-    c:\programdata\Paltiosoft
2013-06-06 00:14 . 2013-06-11 00:24    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-06-05 05:26 . 2013-05-14 08:49    7016152    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{1828B086-D7BC-40D9-BC97-A4E99AC6BA19}\mpengine.dll
2013-05-24 15:34 . 2013-05-24 15:34    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-05-23 23:49 . 2011-06-21 18:24    32768    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2013-05-22 18:07 . 2013-05-22 18:07    --------    d-----w-    c:\program files\Common Files\Java
2013-05-22 18:07 . 2013-05-22 18:07    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-22 05:50 . 2013-05-22 05:50    --------    d-----w-    c:\program files\psx emulation cheater
2013-05-18 02:24 . 2013-06-08 22:41    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2013-05-18 02:23 . 2013-05-18 02:23    --------    d-----w-    c:\program files\Tweaking.com
2013-05-18 00:50 . 2013-06-15 03:44    --------    d-----w-    c:\users\Alfred\AppData\Local\temp
2013-05-17 20:48 . 2013-06-11 00:24    --------    d-----w-    c:\windows\ERUNT
2013-05-17 20:48 . 2013-06-11 00:24    --------    d-----w-    C:\JRT
2013-05-17 15:56 . 2013-06-11 00:24    --------    d-----w-    C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:11 . 2013-03-06 05:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 01:11 . 2013-03-06 05:39    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-22 18:07 . 2013-03-08 22:24    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-05-22 18:07 . 2013-03-08 22:24    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-05-09 08:58 . 2013-03-06 06:51    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-02 09:06 . 2013-03-06 05:19    238872    ----a-w-    c:\windows\system32\MpSigStub.exe
2013-04-12 13:45 . 2013-04-24 16:51    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 23:55    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 23:55    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 23:55    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-03-19 04:48 . 2013-04-10 21:09    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 21:09    69632    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-05-22 1125456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-06 1343400]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-12-28 70824]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-12-28 34984]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-12-23 90736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 01:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\
FF - prefs.js: browser.startup.homepage -  hxxp://www.google.ca/
FF - ExtSQL: 2013-06-10 17:08; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-06-10 17:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
Completion time: 2013-06-14  20:47:00
ComboFix-quarantined-files.txt  2013-06-15 03:46
ComboFix2.txt  2013-05-21 06:22
.
Pre-Run: 92,962,791,424 bytes free
Post-Run: 92,937,334,784 bytes free
.
- - End Of File - - AD554464F82868CE022710ED8D763071
A36C5E4F47E84449FF07ED3517B43A31
 



#24 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 209 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 15 June 2013 - 12:15 PM

My computer still experiences problems. It tends to happen randomly. Sometimes my computer is running just fine, then hangs up or slows down. Is it possible the bootkit or trojan wasn't successfully quarantined?



#25 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Members
  • 651 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:59 AM

Posted 15 June 2013 - 05:22 PM

Hey Slayer90,

 

Well, the tools I have had you run so far haven't found anything that could explain your symptoms.

 

Please download GMER from one of the following locations and save it to your Desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in Safe Mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


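A triage helper for the gmer.log the steps above produce, added here as an example and not part of this thread or of GMER itself: it parses the "System" section, groups the reported hooks by the kernel module GMER attributes them to, and flags the ones GMER could not resolve to a module or to a file with a vendor description. The sample lines are constructed after the GMER 2.1 layout; the bare-address line and the example_unknown.sys entry are assumptions about how GMER prints an unresolved hook.

```python
"""Parse the 'System' section of a GMER 2.1 rootkit-scan log and group the
reported hooks by the kernel module GMER attributes them to."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class Hook(NamedTuple):
    kind: str               # first column: SSDT, Code, ...
    module: Optional[str]   # module path GMER resolved, or None if it printed only an address
    vendor: Optional[str]   # text GMER prints in parentheses after the module, or None if absent
    function: str           # hooked kernel routine, e.g. ZwOpenProcess
    address: Optional[str]  # hook target from the trailing [0x...], if present


# Constructed sample laid out like the GMER 2.1 log: the avast! lines mirror the
# thread's log; the example_unknown.sys line and the bare-address line are
# hypothetical and exist only to exercise the triage path.  Both shapes are
# assumptions about how GMER prints a hook it cannot fully attribute.
SAMPLE_LOG = r"""GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-15 16:50:55

---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)   ZwOpenProcess [0x8FC22F92]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)    ZwLoadDriver [0x8F559C80]
SSDT            \??\C:\Windows\system32\drivers\example_unknown.sys                                     ZwCreateFile [0x9A0012C4]
SSDT            9A1100F0                                                                                ZwQueryDirectoryFile
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)    ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D     82A8E9F5 1 Byte  [06]
"""

SECTION_HEADER = re.compile(r"^---- (?P<name>.+?) - GMER ")
HOOK_LINE = re.compile(r"^(?P<kind>SSDT|Code|INT|IDT|IAT|EAT)\s+(?P<body>.+?)\s*$")
# Hooked routine, optionally followed by the '[0xADDR]' hook target, at end of line.
FUNC_TAIL = re.compile(r"(?P<func>[A-Za-z_][\w@?]*)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?$")
VENDOR_TAIL = re.compile(r"\s*\((?P<vendor>[^()]*)\)$")
MODULE_PATH = re.compile(r"^(?:\\|[A-Za-z]:\\)")  # \SystemRoot\..., \??\C:\..., C:\...


def parse_system_section(log: str) -> List[Hook]:
    """Return the hooks listed under '---- System ----'; other sections are skipped."""
    hooks: List[Hook] = []
    in_system = False
    for line in log.splitlines():
        header = SECTION_HEADER.match(line)
        if header:
            in_system = header.group("name").startswith("System")
            continue
        if not in_system:
            continue
        m = HOOK_LINE.match(line)
        if not m:
            continue
        body = m.group("body")
        tail = FUNC_TAIL.search(body)
        if not tail:
            continue
        owner = body[: tail.start()].rstrip()   # everything before the routine name
        vendor = None
        v = VENDOR_TAIL.search(owner)
        if v:
            vendor = v.group("vendor")
            owner = owner[: v.start()].rstrip()
        module = owner if MODULE_PATH.match(owner) else None
        hooks.append(Hook(m.group("kind"), module, vendor, tail.group("func"), tail.group("addr")))
    return hooks


def hooks_by_module(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map each resolved module path to the routines it hooks ('<unresolved>' otherwise)."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        grouped[h.module or "<unresolved>"].append(h.function)
    return dict(grouped)


def companies(hooks: List[Hook]) -> Dict[str, int]:
    """Count hooks per company, taken from the part after the last '/' in GMER's
    'description/company' parenthetical (as in the thread's log); hooks without
    one are not counted.  A log where every hook belongs to the installed AV is the
    expected picture on a machine like the one in this thread."""
    counts: Dict[str, int] = defaultdict(int)
    for h in hooks:
        if h.vendor:
            counts[h.vendor.rsplit("/", 1)[-1].strip()] += 1
    return dict(counts)


def needs_attention(hooks: List[Hook]) -> List[Hook]:
    """Hooks an analyst should look at first: GMER could not resolve the owning
    module, or resolved it but found no vendor description for the file."""
    return [h for h in hooks if h.module is None or h.vendor is None]


if __name__ == "__main__":
    found = parse_system_section(SAMPLE_LOG)
    for module, funcs in hooks_by_module(found).items():
        print(f"{module}: {', '.join(funcs)}")
    print("per company:", companies(found))
    for h in needs_attention(found):
        print("look at:", h)
```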


#26 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 209 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 15 June 2013 - 06:56 PM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-15 16:50:55
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005f ST325082 rev.3.AA 232.89GB
Running: t3bqu019.exe; Driver: C:\Users\Alfred\AppData\Local\Temp\uwdiqpob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAddBootEntry [0x8FC1E644]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwAllocateVirtualMemory [0x8F55B668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwAssignProcessToJobObject [0x8FC1F0D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEvent [0x8FC2A89A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateEventPair [0x8FC2A8E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateIoCompletion [0x8FC2AA80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateMutant [0x8FC2A808]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwCreateSection [0x8F55BA00]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateSemaphore [0x8FC2A850]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateThread [0x8FC1F5D4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateThreadEx [0x8FC1F7F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwCreateTimer [0x8FC2AA3A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDebugActiveProcess [0x8FC1FE8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDeleteBootEntry [0x8FC1E6AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwDuplicateObject [0x8FC236AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwFreeVirtualMemory [0x8F55B730]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwLoadDriver [0x8F559C80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwModifyBootEntry [0x8FC1E710]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeKey [0x8FC23A76]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwNotifyChangeMultipleKeys [0x8FC2091C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEvent [0x8FC2A8C4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenEventPair [0x8FC2A908]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenIoCompletion [0x8FC2AAA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenMutant [0x8FC2A82E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenProcess [0x8FC22F92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSection [0x8FC2A9B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenSemaphore [0x8FC2A878]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenThread [0x8FC23384]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwOpenTimer [0x8FC2AA5E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwProtectVirtualMemory [0x8F55B890]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwQueryObject [0x8FC207E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwQueueApcThreadEx [0x8FC204F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootEntryOrder [0x8FC1E776]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetBootOptions [0x8FC1E7DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetContextThread [0x8FC1FD06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetSystemInformation [0x8FC1E32C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSetSystemPowerState [0x8FC1E502]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwShutdownSystem [0x8FC1E490]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSuspendProcess [0x8FC20056]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSuspendThread [0x8FC201B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwSystemDebugControl [0x8FC1E58A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwTerminateProcess [0x8F55B958]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwTerminateThread [0x8FC1FCE6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwUnloadDriver [0x8F559CB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                    ZwVdmControl [0x8FC1E842]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwWriteVirtualMemory [0x8F55B7DC]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ZwCreateProcessEx [0x8F574E80]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                    ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                 82A8E9F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                   82AC81F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                      82ACF410 4 Bytes  [44, E6, C1, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                      82ACF438 4 Bytes  [68, B6, 55, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                      82ACF498 4 Bytes  [D6, F0, C1, 8F]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                      82ACF4EC 8 Bytes  [9A, A8, C2, 8F, E6, A8, C2, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                      82ACF4F8 4 Bytes  [80, AA, C2, 8F]
.text           ...                                                                                                                      
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                       82C5CD3D 5 Bytes  JMP 8F571D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                                         82C75380 5 Bytes  JMP 8F57384C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                              82C8A4DF 4 Bytes  CALL 8FC20FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                             82CA4333 4 Bytes  CALL 8FC20FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                           82D2E21C 7 Bytes  JMP 8F574E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                 section is writeable [0x90E0D000, 0x3C12C5, 0xE8000020]
.text           win32k.sys!EngFntCacheLookUp + 8B22                                                                                      92B60A2B 5 Bytes  JMP 8FC245C6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateRectRgn + 3819                                                                                       92B74B04 5 Bytes  JMP 8FC24712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateRectRgn + 47FC                                                                                       92B75AE7 5 Bytes  JMP 8FC243DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCTGetGammaTable + 310                                                                                      92B9146D 5 Bytes  JMP 8FC2529C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCTGetGammaTable + 4CE9                                                                                     92B95E46 5 Bytes  JMP 8FC23E3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCTGetGammaTable + 6136                                                                                     92B97293 5 Bytes  JMP 8FC254E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCTGetGammaTable + BE91                                                                                     92B9CFEE 5 Bytes  JMP 8FC247B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCTGetGammaTable + C0E0                                                                                     92B9D23D 5 Bytes  JMP 8FC248CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 650                                                                                        92BB6D27 5 Bytes  JMP 8FC23AAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 70E                                                                                        92BB6DE5 5 Bytes  JMP 8FC247D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 38FE                                                                                       92BB9FD5 5 Bytes  JMP 8FC23BC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngMapFontFileFD + 39BC                                                                                       92BBA093 5 Bytes  JMP 8FC23CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EE8                                                                     92BBE715 5 Bytes  JMP 8FC245F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2B22                                                                                     92BC8165 5 Bytes  JMP 8FC24316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + ACE0                                                                                     92BD0323 5 Bytes  JMP 8FC23EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 14FA1                                                                                    92BDA5E4 5 Bytes  JMP 8FC2514A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngAlphaBlend + 5088                                                                                          92BF1DDE 5 Bytes  JMP 8FC25200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngBitBlt + 42AE                                                                                              92BFF7B5 5 Bytes  JMP 8FC256FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnlockSurface + B25C                                                                                       92C1507B 5 Bytes  JMP 8FC2524C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnlockSurface + CC1B                                                                                       92C16A3A 5 Bytes  JMP 8FC27050 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteClip + 480C                                                                                          92C278FA 5 Bytes  JMP 8FC23DC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEqualRgn + 41E2                                                                                            92C358F2 5 Bytes  JMP 8FC2423A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEqualRgn + B479                                                                                            92C3CB89 5 Bytes  JMP 8FC255A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteRgn + 2198                                                                                           92C53977 5 Bytes  JMP 8FC240F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 861D                                                                                            92C74A78 5 Bytes  JMP 8FC25656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 2EC7                                                                                     92C8C9F8 5 Bytes  JMP 8FC25426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 3458                                                                                     92C8CF89 5 Bytes  JMP 8FC23FA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 6547                                                                                     92C90078 5 Bytes  JMP 8FC247F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + 9687                                                                                     92C931B8 5 Bytes  JMP 8FC2400E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!PATHOBJ_vGetBounds + BF6E                                                                                     92C95A9F 5 Bytes  JMP 8FC248AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           ...                                                                                                                      
.text           win32k.sys!EngCTGetCurrentGamma + 6414                                                                                   92CA1C74 5 Bytes  JMP 8FC24196 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                      9E713000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                      9E713123 629 Bytes  [E5, 70, 9E, FE, 05, 34, E5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                      9E713399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                      9E7133FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                      9E7134AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                      

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\csrss.exe[540] kernel32.dll!GetBinaryTypeW + 70                                                      761A69F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[608] kernel32.dll!GetBinaryTypeW + 70                                                    761A69F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[620] kernel32.dll!GetBinaryTypeW + 70                                                      761A69F4 1 Byte  [62]
.text           C:\Windows\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[676] kernel32.dll!GetBinaryTypeW + 70                                                      761A69F4 1 Byte  [62]
.text           ...                                                                                                                      
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] ntdll.dll!LdrUnloadDll                                  77CCC86E 5 Bytes  JMP 001F03FC
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] ntdll.dll!LdrLoadDll                                    77CD223E 5 Bytes  JMP 001F01F8
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] KERNEL32.dll!GetBinaryTypeW + 70                        761A69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] USER32.dll!UnhookWindowsHookEx                          764CADF9 5 Bytes  JMP 00210A08
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] USER32.dll!UnhookWinEvent                               764CB750 5 Bytes  JMP 002103FC
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] USER32.dll!SetWindowsHookExW                            764CE30C 5 Bytes  JMP 00210804
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] USER32.dll!SetWinEventHook                              764D24DC 5 Bytes  JMP 002101F8
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[1248] USER32.dll!SetWindowsHookExA                            764F6D0C 5 Bytes  JMP 00210600
.text           C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\atieclxx.exe[1396] kernel32.dll!GetBinaryTypeW + 70                                                  761A69F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] kernel32.dll!GetBinaryTypeW + 70                                761A69F4 1 Byte  [62]
.text           ...                                                                                                                      
.text           C:\Windows\system32\ctfmon.exe[2676] ntdll.dll!LdrUnloadDll                                                              77CCC86E 5 Bytes  JMP 000E03FC
.text           C:\Windows\system32\ctfmon.exe[2676] ntdll.dll!LdrLoadDll                                                                77CD223E 5 Bytes  JMP 000E01F8
.text           C:\Windows\system32\ctfmon.exe[2676] KERNEL32.dll!GetBinaryTypeW + 70                                                    761A69F4 1 Byte  [62]
.text           C:\Windows\system32\ctfmon.exe[2676] USER32.dll!UnhookWindowsHookEx                                                      764CADF9 5 Bytes  JMP 000F0A08
.text           C:\Windows\system32\ctfmon.exe[2676] USER32.dll!UnhookWinEvent                                                           764CB750 5 Bytes  JMP 000F03FC
.text           C:\Windows\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExW                                                        764CE30C 5 Bytes  JMP 000F0804
.text           C:\Windows\system32\ctfmon.exe[2676] USER32.dll!SetWinEventHook                                                          764D24DC 5 Bytes  JMP 000F01F8
.text           C:\Windows\system32\ctfmon.exe[2676] USER32.dll!SetWindowsHookExA                                                        764F6D0C 5 Bytes  JMP 000F0600
.text           C:\Windows\system32\AUDIODG.EXE[2688] kernel32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrUnloadDll                                                             77CCC86E 5 Bytes  JMP 000703FC
.text           C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrLoadDll                                                               77CD223E 5 Bytes  JMP 000701F8
.text           C:\Windows\system32\svchost.exe[2960] KERNEL32.dll!GetBinaryTypeW + 70                                                   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWindowsHookEx                                                     764CADF9 5 Bytes  JMP 00090A08
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!UnhookWinEvent                                                          764CB750 5 Bytes  JMP 000903FC
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExW                                                       764CE30C 5 Bytes  JMP 00090804
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWinEventHook                                                         764D24DC 5 Bytes  JMP 000901F8
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExA                                                       764F6D0C 5 Bytes  JMP 00090600
.text           C:\Users\Alfred\Desktop\t3bqu019.exe[3144] kernel32.dll!GetBinaryTypeW + 70                                              761A69F4 1 Byte  [62]
.text           C:\Windows\System32\WUDFHost.exe[3176] ntdll.dll!LdrUnloadDll                                                            77CCC86E 5 Bytes  JMP 001303FC
.text           C:\Windows\System32\WUDFHost.exe[3176] ntdll.dll!LdrLoadDll                                                              77CD223E 5 Bytes  JMP 001301F8
.text           C:\Windows\System32\WUDFHost.exe[3176] KERNEL32.dll!GetBinaryTypeW + 70                                                  761A69F4 1 Byte  [62]
.text           C:\Windows\System32\WUDFHost.exe[3176] USER32.dll!UnhookWindowsHookEx                                                    764CADF9 5 Bytes  JMP 00150A08
.text           C:\Windows\System32\WUDFHost.exe[3176] USER32.dll!UnhookWinEvent                                                         764CB750 5 Bytes  JMP 001503FC
.text           C:\Windows\System32\WUDFHost.exe[3176] USER32.dll!SetWindowsHookExW                                                      764CE30C 5 Bytes  JMP 00150804
.text           C:\Windows\System32\WUDFHost.exe[3176] USER32.dll!SetWinEventHook                                                        764D24DC 5 Bytes  JMP 001501F8
.text           C:\Windows\System32\WUDFHost.exe[3176] USER32.dll!SetWindowsHookExA                                                      764F6D0C 5 Bytes  JMP 00150600
.text           C:\Windows\system32\Dwm.exe[3544] ntdll.dll!LdrUnloadDll                                                                 77CCC86E 5 Bytes  JMP 001203FC
.text           C:\Windows\system32\Dwm.exe[3544] ntdll.dll!LdrLoadDll                                                                   77CD223E 5 Bytes  JMP 001201F8
.text           C:\Windows\system32\Dwm.exe[3544] KERNEL32.dll!GetBinaryTypeW + 70                                                       761A69F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!UnhookWindowsHookEx                                                         764CADF9 5 Bytes  JMP 00130A08
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!UnhookWinEvent                                                              764CB750 5 Bytes  JMP 001303FC
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!SetWindowsHookExW                                                           764CE30C 5 Bytes  JMP 00130804
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!SetWinEventHook                                                             764D24DC 5 Bytes  JMP 001301F8
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!SetWindowsHookExA                                                           764F6D0C 5 Bytes  JMP 00130600
.text           C:\Windows\Explorer.EXE[3568] ntdll.dll!LdrUnloadDll                                                                     77CCC86E 5 Bytes  JMP 000E03FC
.text           C:\Windows\Explorer.EXE[3568] ntdll.dll!LdrLoadDll                                                                       77CD223E 5 Bytes  JMP 000E01F8
.text           C:\Windows\Explorer.EXE[3568] KERNEL32.dll!GetBinaryTypeW + 70                                                           761A69F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!UnhookWindowsHookEx                                                             764CADF9 5 Bytes  JMP 00100A08
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!UnhookWinEvent                                                                  764CB750 5 Bytes  JMP 001003FC
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!SetWindowsHookExW                                                               764CE30C 5 Bytes  JMP 00100804
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!SetWinEventHook                                                                 764D24DC 5 Bytes  JMP 001001F8
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!SetWindowsHookExA                                                               764F6D0C 5 Bytes  JMP 00100600
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] ntdll.dll!LdrUnloadDll                 77CCC86E 5 Bytes  JMP 000F03FC
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] ntdll.dll!LdrLoadDll                   77CD223E 5 Bytes  JMP 000F01F8
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] KERNEL32.dll!GetBinaryTypeW + 70       761A69F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] USER32.dll!UnhookWindowsHookEx         764CADF9 5 Bytes  JMP 00100A08
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] USER32.dll!UnhookWinEvent              764CB750 5 Bytes  JMP 001003FC
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] USER32.dll!SetWindowsHookExW           764CE30C 5 Bytes  JMP 00100804
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] USER32.dll!SetWinEventHook             764D24DC 5 Bytes  JMP 001001F8
.text           C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3792] USER32.dll!SetWindowsHookExA           764F6D0C 5 Bytes  JMP 00100600
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] ntdll.dll!LdrUnloadDll                                          77CCC86E 5 Bytes  JMP 000B03FC
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] ntdll.dll!LdrLoadDll                                            77CD223E 5 Bytes  JMP 000B01F8
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] KERNEL32.dll!GetBinaryTypeW + 70                                761A69F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] USER32.dll!UnhookWindowsHookEx                                  764CADF9 5 Bytes  JMP 000D0A08
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] USER32.dll!UnhookWinEvent                                       764CB750 5 Bytes  JMP 000D03FC
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] USER32.dll!SetWindowsHookExW                                    764CE30C 5 Bytes  JMP 000D0804
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] USER32.dll!SetWinEventHook                                      764D24DC 5 Bytes  JMP 000D01F8
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3872] USER32.dll!SetWindowsHookExA                                    764F6D0C 5 Bytes  JMP 000D0600

---- User IAT/EAT - GMER 2.1 ----

IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[1032] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [72560790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [72560790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                   aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 2.1 ----
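As an added example that is not part of the thread and not GMER's own code, the Python helper below triages the `.text` user-mode hook lines from the log above: it parses them, counts in how many processes each hook appears, lists hooks that exist in only one process, and checks that each hooked function's JMP lands at the same page offset in every process (the pattern one resident product hooking everything leaves behind). The sample lines are copied from the log except the two `C:\CONSTRUCTED\outlier.exe` lines, which are constructed; the page-offset rule is a heuristic of this example, not a GMER feature.

```python
"""Triage helper for GMER 2.1 "User code sections" (.text) hook lines.

Added example; not part of the thread and not GMER's own code.
It parses the inline-hook lines, groups them per process and answers
two defender questions:
  1. which hooks are present in (almost) every process, the signature of
     one resident product hooking everything, such as an AV's self-protection;
  2. which hooks are rare (one process only), which is where a targeted
     user-mode implant would stand out from that background.
It also checks, as a heuristic, that each hooked function's JMP lands at
the same 4 KiB page offset in every process, as one injector's trampoline
page does (the page base differs per process, the offset does not).
"""
import re
from collections import defaultdict

# Format of one GMER .text line:
#   .text  <image path>[<pid>] <module>!<function>   <address> <n> Byte(s)  <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>.+?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)

# Sample input. All lines are copied from the posted log except the two
# C:\CONSTRUCTED\outlier.exe lines, which are constructed to show an outlier.
SAMPLE_GMER = r"""
.text           C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrUnloadDll          77CCC86E 5 Bytes  JMP 000703FC
.text           C:\Windows\system32\svchost.exe[2960] ntdll.dll!LdrLoadDll            77CD223E 5 Bytes  JMP 000701F8
.text           C:\Windows\system32\svchost.exe[2960] KERNEL32.dll!GetBinaryTypeW + 70   761A69F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2960] USER32.dll!SetWindowsHookExW    764CE30C 5 Bytes  JMP 00090804
.text           C:\Windows\system32\Dwm.exe[3544] ntdll.dll!LdrUnloadDll              77CCC86E 5 Bytes  JMP 001203FC
.text           C:\Windows\system32\Dwm.exe[3544] ntdll.dll!LdrLoadDll                77CD223E 5 Bytes  JMP 001201F8
.text           C:\Windows\system32\Dwm.exe[3544] KERNEL32.dll!GetBinaryTypeW + 70       761A69F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[3544] USER32.dll!SetWindowsHookExW        764CE30C 5 Bytes  JMP 00130804
.text           C:\Windows\Explorer.EXE[3568] ntdll.dll!LdrUnloadDll                  77CCC86E 5 Bytes  JMP 000E03FC
.text           C:\Windows\Explorer.EXE[3568] ntdll.dll!LdrLoadDll                    77CD223E 5 Bytes  JMP 000E01F8
.text           C:\Windows\Explorer.EXE[3568] KERNEL32.dll!GetBinaryTypeW + 70           761A69F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[3568] USER32.dll!SetWindowsHookExW            764CE30C 5 Bytes  JMP 00100804
.text           C:\Users\Alfred\Desktop\t3bqu019.exe[3144] kernel32.dll!GetBinaryTypeW + 70   761A69F4 1 Byte  [62]
.text           C:\CONSTRUCTED\outlier.exe[9999] ntdll.dll!LdrLoadDll                 77CD223E 5 Bytes  JMP 00AB1234
.text           C:\CONSTRUCTED\outlier.exe[9999] WS2_32.dll!send                      76AB0000 5 Bytes  JMP 00AB5678
"""


def parse_hooks(text):
    """Return one dict per .text hook line; lines from other GMER sections are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        h = m.groupdict()
        h["process"] = f"{h['path']}[{h['pid']}]"
        # Module names vary in case between processes (KERNEL32.dll / kernel32.dll).
        h["key"] = f"{h['module'].lower()}!{h['func']}"
        h["jmp_target"] = (int(h["patch"].split()[1], 16)
                           if h["patch"].startswith("JMP") else None)
        hooks.append(h)
    return hooks


def hook_prevalence(hooks):
    """Number of distinct processes in which each hook key was seen."""
    procs = defaultdict(set)
    for h in hooks:
        procs[h["key"]].add(h["process"])
    return {key: len(p) for key, p in procs.items()}


def rare_hooks(hooks, max_processes=1):
    """Hooks seen in at most max_processes processes, grouped by process.

    A product that hooks every process produces keys with high prevalence;
    a key that exists in a single process does not fit that pattern and is
    the one to examine (which module, if any, owns its JMP target).
    """
    prevalence = hook_prevalence(hooks)
    rare = defaultdict(list)
    for h in hooks:
        if prevalence[h["key"]] <= max_processes:
            rare[h["process"]].append(h["key"])
    return dict(rare)


def inconsistent_jmp_offsets(hooks):
    """Hooked functions whose JMP destination page offset differs across processes.

    Heuristic: one injector maps its trampoline page at a different base in
    each process, but the offset within the page for a given function stays
    constant (LdrLoadDll -> ...01F8 in every process of the posted log).
    """
    offsets = defaultdict(set)
    for h in hooks:
        if h["jmp_target"] is not None:
            offsets[h["key"]].add(h["jmp_target"] & 0xFFF)
    return {key: sorted(o) for key, o in offsets.items() if len(o) > 1}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_GMER)
    print(f"{len(hooks)} hook lines across "
          f"{len({h['process'] for h in hooks})} processes")
    for key, n in sorted(hook_prevalence(hooks).items(), key=lambda kv: -kv[1]):
        print(f"  {n:2d} process(es): {key}")
    print("rare hooks:", rare_hooks(hooks))
    print("inconsistent JMP offsets:", inconsistent_jmp_offsets(hooks))
```

On the full log this reports the same hook set in nearly every process with matching page offsets; a hook present in a single process, or a JMP offset that differs, is the line worth investigating further.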
 



#27 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 209 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 15 June 2013 - 11:31 PM

Is the rootkit gone? Because, if so, I still need to clean my computer of possible multiple trojan infections. I changed my Email password again, but I still keep getting email spam sent by my own Email address with malicious links in it. So it clearly means I still keep getting keylogged. Whatever I tried, these backdoor trojans are quite sophisticated at hiding from even the most developed and updated anti-malware.



#28 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Members
  • 651 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:59 AM

Posted 16 June 2013 - 04:37 PM

Hello Slayer90,

 

If it is indeed a trojan or rootkit it will still be present because none of the logs you have posted show signs of any removals.

 

Please download the Sophos Virus Removal Tool and save it to your desktop:

  • Be sure to view the 3 short How-to videos on that page.
  • Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
  • Follow the prompts to accept the license agreement, and accept the default location.
  • A message will appear "InstallShield Wizard Completed".
  • Click 'Finish' to start the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • A log will be in the following location:
    • Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
      --for 64-bit: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
    • 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • Please post the log in your next reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#29 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 209 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 16 June 2013 - 06:33 PM

2013-06-16 14:49:37    Sophos Virus Removal Tool version 2.3
2013-06-16 14:49:37    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 14:49:37    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 14:49:37    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-06-16 14:49:37    Checking for updates...
2013-06-16 14:49:52    Option all = no
2013-06-16 14:49:52    Option recurse = yes
2013-06-16 14:49:52    Option archive = no
2013-06-16 14:49:52    Option service = yes
2013-06-16 14:49:52    Option confirm = yes
2013-06-16 14:49:52    Option sxl = yes
2013-06-16 14:49:52    Option max-data-age = 35
2013-06-16 14:49:52    Component SVRTcli.exe version 2.3
2013-06-16 14:49:52    Component control.dll version 2.3
2013-06-16 14:49:52    Component SVRTservice.exe version 2.3
2013-06-16 14:49:52    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 14:49:52    Component engine\veex.dll version 3.44.1.2091
2013-06-16 14:49:52    Component engine\savi.dll version 7.5.12.2091
2013-06-16 14:49:52    Component rkdisk.dll version 1.5.30.0
2013-06-16 14:49:52    Version info:    Product version    2.3
2013-06-16 14:49:52    Version info:    Detection engine    3.44.1
2013-06-16 14:49:52    Version info:    Detection data    4.90
2013-06-16 14:49:52    Version info:    Build date    6/13/2013
2013-06-16 14:49:52    Version info:    Data files added    294
2013-06-16 14:49:52    Version info:    Last successful update    (not yet updated)
2013-06-16 14:49:59    Update progress: proxy server not available
2013-06-16 14:54:38    Sophos Virus Removal Tool version 2.3
2013-06-16 14:54:38    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 14:54:38    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 14:54:38    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32

2013-06-16 14:54:40    Scan completed.
2013-06-16 14:54:40    

------------------------------------------------------------

2013-06-16 15:00:17    Sophos Virus Removal Tool version 2.3
2013-06-16 15:00:17    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 15:00:17    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 15:00:17    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-06-16 15:00:17    Checking for updates...
2013-06-16 15:00:17    Update progress: proxy server not configured
2013-06-16 15:00:28    Option all = no
2013-06-16 15:00:28    Option recurse = yes
2013-06-16 15:00:28    Option archive = no
2013-06-16 15:00:28    Option service = yes
2013-06-16 15:00:28    Option confirm = yes
2013-06-16 15:00:28    Option sxl = yes
2013-06-16 15:00:28    Option max-data-age = 35
2013-06-16 15:00:28    Component SVRTcli.exe version 2.3
2013-06-16 15:00:28    Component control.dll version 2.3
2013-06-16 15:00:28    Component SVRTservice.exe version 2.3
2013-06-16 15:00:28    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:00:28    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:00:29    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:00:29    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:00:29    Version info:    Product version    2.3
2013-06-16 15:00:29    Version info:    Detection engine    3.44.1
2013-06-16 15:00:29    Version info:    Detection data    4.90
2013-06-16 15:00:29    Version info:    Build date    6/13/2013
2013-06-16 15:00:29    Version info:    Data files added    294
2013-06-16 15:00:29    Version info:    Last successful update    (not yet updated)
2013-06-16 15:02:03    Downloading updates...
2013-06-16 15:02:03    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-06-16 15:02:03    Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-06-16 15:02:03    Update progress: [I49502] Found supplement IDE491 LATEST
2013-06-16 15:02:03    Update progress: [I49502] Found supplement IDE492 LATEST
2013-06-16 15:02:03    Update progress: [I49502] Found supplement IDE493 LATEST
2013-06-16 15:02:03    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-06-16 15:02:03    Update progress: [I19463] Syncing product SAVIW32 29
2013-06-16 15:02:12    Update progress: [I19463] Syncing product IDE491 181
2013-06-16 15:02:13    Update progress: [I19463] Syncing product IDE492 118
2013-06-16 15:02:14    Installing updates...
2013-06-16 15:02:15    Update progress: [I19463] Syncing product IDE493 1
2013-06-16 15:02:28    Update successful
2013-06-16 15:02:46    Option all = no
2013-06-16 15:02:46    Option recurse = yes
2013-06-16 15:02:46    Option archive = no
2013-06-16 15:02:46    Option service = yes
2013-06-16 15:02:46    Option confirm = yes
2013-06-16 15:02:46    Option sxl = yes
2013-06-16 15:02:46    Option max-data-age = 35
2013-06-16 15:02:46    Component SVRTcli.exe version 2.3
2013-06-16 15:02:46    Component control.dll version 2.3
2013-06-16 15:02:46    Component SVRTservice.exe version 2.3
2013-06-16 15:02:46    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:02:46    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:02:46    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:02:46    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:02:46    Version info:    Product version    2.3
2013-06-16 15:02:46    Version info:    Detection engine    3.44.1
2013-06-16 15:02:46    Version info:    Detection data    4.90G
2013-06-16 15:02:46    Version info:    Build date    6/13/2013
2013-06-16 15:02:46    Version info:    Data files added    295
2013-06-16 15:02:46    Version info:    Last successful update    6/16/2013 3:02:28 PM

2013-06-16 15:03:39    Scan completed.
2013-06-16 15:03:39    

------------------------------------------------------------

2013-06-16 15:03:57    Sophos Virus Removal Tool version 2.3
2013-06-16 15:03:57    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 15:03:57    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 15:03:57    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-06-16 15:03:57    Checking for updates...
2013-06-16 15:03:57    Update progress: proxy server not available
2013-06-16 15:03:58    Update error: failed to read remote metadata (error 4)
Cannot locate server for http://dci.sophosupd.com/update/4/c3/4c3dd7e45665ae0d045a6d5fdec844c8.xml
2013-06-16 15:04:09    Option all = no
2013-06-16 15:04:09    Option recurse = yes
2013-06-16 15:04:09    Option archive = no
2013-06-16 15:04:09    Option service = yes
2013-06-16 15:04:09    Option confirm = yes
2013-06-16 15:04:09    Option sxl = yes
2013-06-16 15:04:09    Option max-data-age = 35
2013-06-16 15:04:09    Component SVRTcli.exe version 2.3
2013-06-16 15:04:09    Component control.dll version 2.3
2013-06-16 15:04:09    Component SVRTservice.exe version 2.3
2013-06-16 15:04:09    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:04:09    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:04:09    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:04:09    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:04:09    Version info:    Product version    2.3
2013-06-16 15:04:09    Version info:    Detection engine    3.44.1
2013-06-16 15:04:09    Version info:    Detection data    4.90G
2013-06-16 15:04:09    Version info:    Build date    6/13/2013
2013-06-16 15:04:09    Version info:    Data files added    295
2013-06-16 15:04:09    Version info:    Last successful update    6/16/2013 3:02:28 PM

2013-06-16 15:04:16    Couldn't apply option 'SXLLiveProtection' to the detection engine.

2013-06-16 15:04:27    Scan completed.
2013-06-16 15:04:27    

------------------------------------------------------------

2013-06-16 15:05:13    Sophos Virus Removal Tool version 2.3
2013-06-16 15:05:13    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 15:05:13    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 15:05:13    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-06-16 15:05:13    Checking for updates...
2013-06-16 15:05:24    Option all = no
2013-06-16 15:05:24    Option recurse = yes
2013-06-16 15:05:24    Option archive = no
2013-06-16 15:05:24    Option service = yes
2013-06-16 15:05:24    Option confirm = yes
2013-06-16 15:05:24    Option sxl = yes
2013-06-16 15:05:24    Option max-data-age = 35
2013-06-16 15:05:24    Component SVRTcli.exe version 2.3
2013-06-16 15:05:24    Component control.dll version 2.3
2013-06-16 15:05:24    Component SVRTservice.exe version 2.3
2013-06-16 15:05:24    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:05:24    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:05:24    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:05:24    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:05:24    Version info:    Product version    2.3
2013-06-16 15:05:24    Version info:    Detection engine    3.44.1
2013-06-16 15:05:24    Version info:    Detection data    4.90G
2013-06-16 15:05:24    Version info:    Build date    6/13/2013
2013-06-16 15:05:24    Version info:    Data files added    295
2013-06-16 15:05:24    Version info:    Last successful update    6/16/2013 3:02:28 PM
2013-06-16 15:05:34    Update progress: proxy server not available
2013-06-16 15:05:39    Update not required

2013-06-16 15:05:54    Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-06-16 15:10:23    Warning: rootkit scan failed to open device "\\?\Volume{36b80146-8615-11e2-aa7a-806e6f6e6963}"
2013-06-16 15:10:31    Could not open C:\hiberfil.sys
2013-06-16 15:10:31    Could not open C:\pagefile.sys
2013-06-16 15:14:44    Could not open C:\System Volume Information\{02003078-d6a9-11e2-a792-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{0200307c-d6a9-11e2-a792-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{02ae1eb3-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{02ae1eb7-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{02ae1ecb-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{3b98c44e-d6cc-11e2-95ef-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:14:44    Could not open C:\System Volume Information\{6b399962-d44c-11e2-ac99-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 15:20:31    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-06-16 15:20:31    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-06-16 15:20:37    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2013-06-16 15:20:37    Could not open C:\Windows\System32\config\RegBack\SAM
2013-06-16 15:20:37    Could not open C:\Windows\System32\config\RegBack\SECURITY
2013-06-16 15:20:37    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2013-06-16 15:20:37    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2013-06-16 15:35:24    Could not open LOGICAL:0003:00000000
2013-06-16 15:35:24    Could not open D:\
2013-06-16 15:35:24    Could not open LOGICAL:0005:00000000
2013-06-16 15:35:24    Could not open F:\
2013-06-16 15:35:24    Could not open PHYSICAL:0081:0000:0000:0001

2013-06-16 15:41:21    Scan completed.
2013-06-16 15:41:21    

------------------------------------------------------------

2013-06-16 15:43:01    Sophos Virus Removal Tool version 2.3
2013-06-16 15:43:01    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 15:43:01    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 15:43:01    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32

2013-06-16 15:43:02    Scan completed.
2013-06-16 15:43:02    

------------------------------------------------------------

2013-06-16 15:53:21    Sophos Virus Removal Tool version 2.3
2013-06-16 15:53:21    Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-06-16 15:53:21    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-06-16 15:53:21    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 Win32
2013-06-16 15:53:21    Checking for updates...
2013-06-16 15:53:30    Update progress: proxy server not configured
2013-06-16 15:53:32    Option all = no
2013-06-16 15:53:32    Option recurse = yes
2013-06-16 15:53:32    Option archive = no
2013-06-16 15:53:32    Option service = yes
2013-06-16 15:53:32    Option confirm = yes
2013-06-16 15:53:32    Option sxl = yes
2013-06-16 15:53:32    Option max-data-age = 35
2013-06-16 15:53:32    Component SVRTcli.exe version 2.3
2013-06-16 15:53:32    Component control.dll version 2.3
2013-06-16 15:53:32    Component SVRTservice.exe version 2.3
2013-06-16 15:53:32    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:53:32    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:53:32    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:53:32    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:53:32    Version info:    Product version    2.3
2013-06-16 15:53:32    Version info:    Detection engine    3.44.1
2013-06-16 15:53:32    Version info:    Detection data    4.90
2013-06-16 15:53:32    Version info:    Build date    6/13/2013
2013-06-16 15:53:32    Version info:    Data files added    295
2013-06-16 15:53:32    Version info:    Last successful update    (not yet updated)
2013-06-16 15:56:12    Downloading updates...
2013-06-16 15:56:12    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-06-16 15:56:12    Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-06-16 15:56:12    Update progress: [I49502] Found supplement IDE491 LATEST
2013-06-16 15:56:12    Update progress: [I49502] Found supplement IDE492 LATEST
2013-06-16 15:56:12    Update progress: [I49502] Found supplement IDE493 LATEST
2013-06-16 15:56:12    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-06-16 15:56:12    Update progress: [I19463] Syncing product SAVIW32 29
2013-06-16 15:56:18    Update progress: [I19463] Syncing product IDE491 181
2013-06-16 15:56:19    Installing updates...
2013-06-16 15:56:20    Update progress: [I19463] Syncing product IDE492 118
2013-06-16 15:56:20    Update progress: [I19463] Syncing product IDE493 1
2013-06-16 15:56:33    Update successful
2013-06-16 15:56:48    Option all = no
2013-06-16 15:56:48    Option recurse = yes
2013-06-16 15:56:48    Option archive = no
2013-06-16 15:56:48    Option service = yes
2013-06-16 15:56:48    Option confirm = yes
2013-06-16 15:56:48    Option sxl = yes
2013-06-16 15:56:48    Option max-data-age = 35
2013-06-16 15:56:48    Component SVRTcli.exe version 2.3
2013-06-16 15:56:48    Component control.dll version 2.3
2013-06-16 15:56:48    Component SVRTservice.exe version 2.3
2013-06-16 15:56:48    Component engine\osdp.dll version 1.44.0.2091
2013-06-16 15:56:48    Component engine\veex.dll version 3.44.1.2091
2013-06-16 15:56:48    Component engine\savi.dll version 7.5.12.2091
2013-06-16 15:56:48    Component rkdisk.dll version 1.5.30.0
2013-06-16 15:56:48    Version info:    Product version    2.3
2013-06-16 15:56:48    Version info:    Detection engine    3.44.1
2013-06-16 15:56:48    Version info:    Detection data    4.90G
2013-06-16 15:56:48    Version info:    Build date    6/13/2013
2013-06-16 15:56:48    Version info:    Data files added    295
2013-06-16 15:56:48    Version info:    Last successful update    6/16/2013 3:56:33 PM

2013-06-16 15:57:05    Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-06-16 16:01:36    Warning: rootkit scan failed to open device "\\?\Volume{36b80146-8615-11e2-aa7a-806e6f6e6963}"
2013-06-16 16:01:45    Could not open C:\hiberfil.sys
2013-06-16 16:01:45    Could not open C:\pagefile.sys
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02003078-d6a9-11e2-a792-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{0200307c-d6a9-11e2-a792-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02ae1eb3-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02ae1eb7-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02ae1ecb-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02ae1ed7-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{02ae1edb-d6cf-11e2-b4d8-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{3b98c44e-d6cc-11e2-95ef-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{6b399962-d44c-11e2-ac99-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:06:04    Could not open C:\System Volume Information\{77d12242-d6d6-11e2-aa9a-386077835b4f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-06-16 16:11:55    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-06-16 16:11:55    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-06-16 16:12:01    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2013-06-16 16:12:01    Could not open C:\Windows\System32\config\RegBack\SAM
2013-06-16 16:12:01    Could not open C:\Windows\System32\config\RegBack\SECURITY
2013-06-16 16:12:01    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2013-06-16 16:12:01    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2013-06-16 16:26:43    Could not open LOGICAL:0003:00000000
2013-06-16 16:26:43    Could not open D:\
2013-06-16 16:26:43    Could not open LOGICAL:0005:00000000
2013-06-16 16:26:43    Could not open F:\
2013-06-16 16:26:43    Could not open PHYSICAL:0081:0000:0000:0001

2013-06-16 16:28:20    Scan completed.
2013-06-16 16:28:20    

------------------------------------------------------------
 



#30 The Dark Knight

The Dark Knight

    Malware Vigilante


  • Members
  • 651 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:59 AM

Posted 17 June 2013 - 07:26 PM

Hello Slayer90,

 

OK well none of your logs so far have shown any signs of a nasty infection.

 

This is time consuming for you, so would you like to reformat? I am happy to keep helping you if you wish to not reformat. :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.






