
My MBR is Infected, I need help


  • This topic is locked
31 replies to this topic

#1 Satoru PC Newbie

  • Members
  • 30 posts
  • Gender:Male
  • Location:Malaysia

Posted 22 November 2011 - 07:43 AM

This is my DDS, requested from http://www.bleepingcomputer.com/forums/topic428521.html/page__st__15




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dell Inspiron N4010 at 20:10:46 on 2011-11-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2394 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [FAStartup]
StartupFolder: C:\Users\DELLIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4030AFE0-4D65-4191-9296-C28BAB28AE32} : DhcpNameServer = 18.0.0.1 18.0.0.2
TCP: Interfaces\{EAE6336C-5BFD-429C-89D5-6E835635BE28} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [FAStartup]
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell Inspiron N4010\AppData\Roaming\Mozilla\Firefox\Profiles\4bbkyunl.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-15 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-8-18 2423936]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-15 1692480]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-6-7 2026304]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-15 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-20 366152]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-31 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-22 10:39:52 -------- d-----w- C:\game
2011-11-22 08:35:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3007BA0A-AD49-429C-80BD-717A58C6E7BE}\offreg.dll
2011-11-20 08:34:36 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Malwarebytes
2011-11-20 08:34:28 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-20 08:34:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-19 15:42:06 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\X-men Origins - Wolverine
2011-11-19 15:08:44 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
2011-11-18 19:16:59 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Broadcom
2011-11-18 06:22:32 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3007BA0A-AD49-429C-80BD-717A58C6E7BE}\mpengine.dll
2011-11-17 03:52:58 -------- d-----w- C:\ProgramData\Electronic Arts
2011-11-17 03:52:58 -------- d-----w- C:\ProgramData\EA Core
2011-11-16 11:53:54 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Activision
2011-11-16 07:36:30 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Diagnostics
2011-11-11 16:21:29 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-11-11 16:21:29 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-11 16:21:29 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-11-11 16:21:29 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-11 16:21:27 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-11-11 16:21:27 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-11 16:07:52 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\THQ
2011-11-11 15:24:40 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\CAPCOM
2011-11-11 14:43:58 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Microsoft Games
2011-11-11 11:49:44 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-11 11:18:58 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2011-11-11 11:16:27 -------- d-----w- C:\ProgramData\Solidshield
2011-11-11 11:11:07 489480 ----a-w- C:\Windows\System32\XAudio2_0.dll
2011-11-11 11:11:07 479752 ----a-w- C:\Windows\SysWow64\XAudio2_0.dll
2011-11-11 11:11:03 238088 ----a-w- C:\Windows\SysWow64\xactengine3_0.dll
2011-11-11 11:11:03 177672 ----a-w- C:\Windows\System32\xactengine3_0.dll
2011-11-11 11:11:02 28168 ----a-w- C:\Windows\System32\X3DAudio1_3.dll
2011-11-11 11:11:02 25608 ----a-w- C:\Windows\SysWow64\X3DAudio1_3.dll
2011-11-11 11:11:00 529424 ----a-w- C:\Windows\System32\d3dx10_37.dll
2011-11-11 11:11:00 1860120 ----a-w- C:\Windows\System32\D3DCompiler_37.dll
2011-11-11 11:10:57 4910088 ----a-w- C:\Windows\System32\D3DX9_37.dll
2011-11-11 10:36:23 -------- d-----w- C:\Program Files (x86)\RESIDENT EVIL 5
2011-11-11 10:27:30 -------- d-----w- C:\Program Files (x86)\Activision
2011-11-11 10:25:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-11-11 10:25:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-11-11 10:23:29 -------- d-----w- C:\Windows\SysWow64\directx
2011-11-11 09:24:38 -------- d-----w- C:\Program Files (x86)\R.G. Catalyst
2011-11-11 08:50:10 -------- d-----w- C:\Program Files (x86)\Prototype
2011-11-11 08:26:28 -------- d-----w- C:\Program Files (x86)\Capcom
2011-11-11 08:19:56 73728 ----a-w- C:\Windows\SysWow64\ISUSPM.cpl
2011-11-11 08:19:56 213936 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-11-11 08:19:56 -------- d-----w- C:\Program Files (x86)\THQ
2011-11-11 08:19:54 86960 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-11 08:19:54 865200 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-11 08:19:54 393216 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-11 08:19:54 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-11-11 08:19:54 283568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-11 08:02:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-11-11 08:01:40 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-11 08:01:40 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-11 08:01:40 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-11-11 08:01:39 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-11-11 06:25:04 -------- d-----w- C:\Program Files (x86)\Lost Planet 2
2011-11-11 06:23:02 462864 ----a-w- C:\Windows\SysWow64\d3dx10_37.dll
2011-11-11 06:23:02 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
2011-11-11 06:23:02 1420824 ----a-w- C:\Windows\SysWow64\D3DCompiler_37.dll
2011-11-11 06:22:33 -------- d-----w- C:\Windows\SysWow64\xlive
2011-11-11 06:22:33 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-11-11 06:03:40 -------- d-----w- C:\Program Files (x86)\VALVe
2011-11-11 05:38:47 -------- d-----w- C:\Program Files (x86)\Common Files\Datalode
2011-11-11 05:38:29 -------- d-----w- C:\Program Files (x86)\Runic Games
2011-11-11 05:23:25 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-11-11 05:23:24 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-11-11 05:23:24 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-11-11 05:23:24 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-11-11 05:23:24 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-11-11 05:23:24 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-11-11 05:23:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-11-11 05:01:14 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\PCDr
2011-11-11 05:00:13 -------- d-----w- C:\ProgramData\PCDr
2011-11-10 15:31:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 11:04:17 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-11-10 10:21:52 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\ElevatedDiagnostics
2011-11-10 01:02:12 -------- d-----w- C:\Windows\SMINST
2011-11-09 22:10:47 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-11-09 22:10:42 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-11-09 22:10:42 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-11-09 22:10:41 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-11-09 22:10:41 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-11-09 22:10:35 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\TuneUp Software
2011-11-09 22:06:02 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-11-09 22:03:39 -------- d-----w- C:\ProgramData\TuneUp Software
2011-11-09 21:11:29 -------- d-----w- C:\f3e69fc8c2d9f3bb31fbe689
2011-11-09 21:04:42 -------- d-----w- C:\Windows\System32\SPReview
2011-11-09 21:04:17 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-09 20:43:56 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2011-11-09 20:40:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2011-11-09 20:39:59 91648 ----a-w- C:\Windows\System32\mapistub.dll
2011-11-09 20:38:37 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2011-11-09 20:36:48 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-11-09 20:36:48 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-11-09 20:36:48 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-11-09 20:31:22 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-11-09 20:31:22 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-11-09 20:31:15 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-11-09 19:37:23 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Sonic_Solutions
2011-11-09 19:33:36 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-11-09 19:33:35 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-11-09 19:33:35 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-11-09 19:33:35 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-11-09 19:33:35 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-11-09 19:33:35 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-11-09 19:33:35 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-11-09 19:33:35 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-11-09 19:33:35 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-11-09 19:33:35 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-11-09 19:33:35 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-11-09 19:31:59 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-11-09 19:31:59 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-11-09 19:31:59 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2011-11-09 19:31:58 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-11-09 19:31:58 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-11-09 19:31:58 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-11-09 19:31:58 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-11-09 19:31:58 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-11-09 19:31:58 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-11-09 19:31:58 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-11-09 17:30:47 -------- d-----w- C:\Windows\SysWow64\Wat
2011-11-09 17:30:47 -------- d-----w- C:\Windows\System32\Wat
2011-11-09 17:04:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-11-09 15:52:46 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-11-09 15:51:52 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-11-09 15:51:52 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-11-09 15:51:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-11-09 15:51:52 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-11-09 15:51:13 2871808 ----a-w- C:\Windows\explorer.exe
2011-11-09 15:51:13 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-11-09 15:49:42 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-11-09 15:49:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-09 15:49:23 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-09 15:49:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-09 15:49:22 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-11-09 15:49:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-09 15:49:22 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-11-09 15:49:21 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-09 15:48:58 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-11-09 15:48:58 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-11-09 15:48:58 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-11-09 15:48:58 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-11-09 15:48:58 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-11-09 15:48:58 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-11-09 15:48:45 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-09 15:48:45 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-09 15:48:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-11-09 15:48:44 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-11-09 13:26:15 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-09 00:18:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-09 00:18:36 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-11-09 00:18:22 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Macrovision
2011-11-09 00:15:58 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Roxio Burn
2011-11-08 23:43:08 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Dell
2011-11-08 23:43:03 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Intel
2011-11-08 23:42:59 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Stardock_Corporation
2011-11-08 23:42:56 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\ATI
2011-11-08 23:42:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-08 23:42:07 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-11-09 21:25:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-09 21:25:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-02 21:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:18:48.29 ===============

Please help me with doing this. If I need to go back to the beginning, I will follow it.
All help is highly appreciated, thanks :thumbup2:

EDIT: Please be patient. There are over 60 unanswered topics in this forum at present and the current average wait time to receive help is 4 days. ~Budapest

Edited by Budapest, 23 November 2011 - 04:55 PM.


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,669 posts
  • Gender:Male

Posted 27 November 2011 - 07:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428875 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 28 November 2011 - 08:17 AM

Hi, I'm using Windows 7 Home Premium 64-bit, so I'll skip the GMER.

Here is my DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Dell Inspiron N4010 at 21:01:14 on 2011-11-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2551 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=my&l=en&s=gen
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\DELLIN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4030AFE0-4D65-4191-9296-C28BAB28AE32} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell Inspiron N4010\AppData\Roaming\Mozilla\Firefox\Profiles\4bbkyunl.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-15 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-8-18 2423936]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-15 1692480]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-6-7 2026304]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-15 2533400]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-8-19 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-20 366152]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-6 340240]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-31 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-28 10:20:42 -------- d-----w- C:\Program Files (x86)\Xplosiv
2011-11-28 10:20:21 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-28 10:20:21 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-28 10:20:21 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-28 10:20:21 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-28 10:20:21 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-28 10:20:19 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-28 10:20:19 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-11-26 18:46:41 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC1B64A1-2945-40A9-8F9F-09C4CE33C6BA}\mpengine.dll
2011-11-22 10:39:52 -------- d-----w- C:\game
2011-11-20 08:34:36 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Malwarebytes
2011-11-20 08:34:28 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-20 08:34:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-19 15:42:06 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\X-men Origins - Wolverine
2011-11-19 15:08:44 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
2011-11-18 19:16:59 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Broadcom
2011-11-17 03:52:58 -------- d-----w- C:\ProgramData\Electronic Arts
2011-11-17 03:52:58 -------- d-----w- C:\ProgramData\EA Core
2011-11-16 11:53:54 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Activision
2011-11-16 07:36:30 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Diagnostics
2011-11-11 16:21:29 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
2011-11-11 16:21:29 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-11 16:21:29 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
2011-11-11 16:21:29 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-11 16:21:27 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
2011-11-11 16:21:27 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-11 16:07:52 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\THQ
2011-11-11 15:24:40 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\CAPCOM
2011-11-11 14:43:58 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Microsoft Games
2011-11-11 11:49:44 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-11 11:18:58 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2011-11-11 11:16:27 -------- d-----w- C:\ProgramData\Solidshield
2011-11-11 11:11:07 489480 ----a-w- C:\Windows\System32\XAudio2_0.dll
2011-11-11 11:11:07 479752 ----a-w- C:\Windows\SysWow64\XAudio2_0.dll
2011-11-11 11:11:03 238088 ----a-w- C:\Windows\SysWow64\xactengine3_0.dll
2011-11-11 11:11:03 177672 ----a-w- C:\Windows\System32\xactengine3_0.dll
2011-11-11 11:11:02 28168 ----a-w- C:\Windows\System32\X3DAudio1_3.dll
2011-11-11 11:11:02 25608 ----a-w- C:\Windows\SysWow64\X3DAudio1_3.dll
2011-11-11 11:11:00 529424 ----a-w- C:\Windows\System32\d3dx10_37.dll
2011-11-11 11:11:00 1860120 ----a-w- C:\Windows\System32\D3DCompiler_37.dll
2011-11-11 11:10:57 4910088 ----a-w- C:\Windows\System32\D3DX9_37.dll
2011-11-11 10:36:23 -------- d-----w- C:\Program Files (x86)\RESIDENT EVIL 5
2011-11-11 10:27:30 -------- d-----w- C:\Program Files (x86)\Activision
2011-11-11 10:25:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-11-11 10:25:37 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-11-11 10:23:29 -------- d-----w- C:\Windows\SysWow64\directx
2011-11-11 09:24:38 -------- d-----w- C:\Program Files (x86)\R.G. Catalyst
2011-11-11 08:50:10 -------- d-----w- C:\Program Files (x86)\Prototype
2011-11-11 08:26:28 -------- d-----w- C:\Program Files (x86)\Capcom
2011-11-11 08:19:56 73728 ----a-w- C:\Windows\SysWow64\ISUSPM.cpl
2011-11-11 08:19:56 213936 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-11-11 08:19:56 -------- d-----w- C:\Program Files (x86)\THQ
2011-11-11 08:19:54 86960 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-11-11 08:19:54 865200 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-11-11 08:19:54 393216 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-11 08:19:54 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-11-11 08:19:54 283568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-11 08:02:57 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-11-11 08:01:40 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-11-11 08:01:40 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-11-11 08:01:40 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-11-11 08:01:39 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-11-11 06:25:04 -------- d-----w- C:\Program Files (x86)\Lost Planet 2
2011-11-11 06:23:02 462864 ----a-w- C:\Windows\SysWow64\d3dx10_37.dll
2011-11-11 06:23:02 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll
2011-11-11 06:23:02 1420824 ----a-w- C:\Windows\SysWow64\D3DCompiler_37.dll
2011-11-11 06:22:33 -------- d-----w- C:\Windows\SysWow64\xlive
2011-11-11 06:22:33 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2011-11-11 06:03:40 -------- d-----w- C:\Program Files (x86)\VALVe
2011-11-11 05:38:47 -------- d-----w- C:\Program Files (x86)\Common Files\Datalode
2011-11-11 05:38:29 -------- d-----w- C:\Program Files (x86)\Runic Games
2011-11-11 05:23:25 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-11-11 05:23:24 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2011-11-11 05:23:24 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-11-11 05:23:24 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-11-11 05:23:24 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-11-11 05:23:24 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-11-11 05:23:22 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-11-11 05:01:14 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\PCDr
2011-11-11 05:00:13 -------- d-----w- C:\ProgramData\PCDr
2011-11-10 15:31:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 11:04:17 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-11-10 10:21:52 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\ElevatedDiagnostics
2011-11-10 01:02:12 -------- d-----w- C:\Windows\SMINST
2011-11-09 22:10:47 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2011-11-09 22:10:42 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2011-11-09 22:10:42 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2011-11-09 22:10:41 25920 ----a-w- C:\Windows\System32\authuitu.dll
2011-11-09 22:10:41 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2011-11-09 22:10:35 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\TuneUp Software
2011-11-09 22:06:02 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-11-09 22:03:39 -------- d-----w- C:\ProgramData\TuneUp Software
2011-11-09 21:11:29 -------- d-----w- C:\f3e69fc8c2d9f3bb31fbe689
2011-11-09 21:04:42 -------- d-----w- C:\Windows\System32\SPReview
2011-11-09 21:04:17 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-09 20:43:56 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2011-11-09 20:40:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2011-11-09 20:39:59 91648 ----a-w- C:\Windows\System32\mapistub.dll
2011-11-09 20:38:37 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2011-11-09 20:36:48 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-11-09 20:36:48 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-11-09 20:36:48 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-11-09 20:31:22 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-11-09 20:31:22 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-11-09 20:31:15 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-11-09 19:37:23 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Sonic_Solutions
2011-11-09 19:33:36 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-11-09 19:33:35 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-11-09 19:33:35 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-11-09 19:33:35 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-11-09 19:33:35 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-11-09 19:33:35 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-11-09 19:33:35 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-11-09 19:33:35 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-11-09 19:33:35 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-11-09 19:33:35 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-11-09 19:33:35 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-11-09 19:31:59 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-11-09 19:31:59 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-11-09 19:31:59 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2011-11-09 19:31:58 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-11-09 19:31:58 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-11-09 19:31:58 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-11-09 19:31:58 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-11-09 19:31:58 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-11-09 19:31:58 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-11-09 19:31:58 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-11-09 17:30:47 -------- d-----w- C:\Windows\SysWow64\Wat
2011-11-09 17:30:47 -------- d-----w- C:\Windows\System32\Wat
2011-11-09 17:04:33 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-11-09 15:52:46 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-11-09 15:51:52 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-11-09 15:51:52 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-11-09 15:51:52 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-11-09 15:51:52 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-11-09 15:51:13 2871808 ----a-w- C:\Windows\explorer.exe
2011-11-09 15:51:13 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-11-09 15:49:42 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-11-09 15:49:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-11-09 15:49:23 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-11-09 15:49:23 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-11-09 15:49:22 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-11-09 15:49:22 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-11-09 15:49:22 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-11-09 15:49:21 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-11-09 15:48:58 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-11-09 15:48:58 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-11-09 15:48:58 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-11-09 15:48:58 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-11-09 15:48:58 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-11-09 15:48:58 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-11-09 15:48:45 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-11-09 15:48:45 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-11-09 15:48:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-11-09 15:48:44 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-11-09 13:26:15 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-09 00:18:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-09 00:18:36 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2011-11-09 00:18:22 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Macrovision
2011-11-09 00:15:58 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Roxio Burn
2011-11-08 23:43:08 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Dell
2011-11-08 23:43:03 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Roaming\Intel
2011-11-08 23:42:59 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\Stardock_Corporation
2011-11-08 23:42:56 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\ATI
2011-11-08 23:42:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-08 23:42:07 -------- d-----w- C:\Users\Dell Inspiron N4010\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-11-09 21:25:46 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-09 21:25:46 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-02 21:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 21:08:54.87 ===============

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 29 November 2011 - 07:50 AM

Hi Satoru PC Newbie,

Thanks for posting your log. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon.
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#5 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 30 November 2011 - 07:00 AM

Hello Satoru PC Newbie,

My name is ratman and I will be helping you with your computer problems.

Please take note:
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and I will guide you.
Please tell me if you have your original Windows CD/DVD available.
If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below I will review your topic and do my best to resolve your issues.
Use the 'Add Reply' and add the new log to this thread.
========================================================================

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

===================================================================================


Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button.
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
====================================================================================

I'd like you to run another scan with aswMBR to check we got the rootkit.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • aswMBR Log

regards, ratman




#6 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 11:08 AM

Hello Ratman, thanks for replying :thumbsup:. There are 2 FIX buttons here, one is FixMBR and the other one is just Fix. Which one should I really click? :mellow:

#7 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 30 November 2011 - 11:34 AM

Hi,

Please click the Fix button.
regards, ratman




#8 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 12:11 PM

:wink: Hello, I have clicked the Fix button, and it keeps on restarting. Is that normal? This box appears: "Startup Repair"

If problems are found, Startup Repair will fix them automatically. Your computer might restart several times during this process.

This appeared in the box.

So, I just need to wait?

#9 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 30 November 2011 - 12:36 PM

Hi,

Yes please.
regards, ratman




#10 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 12:47 PM

:wink: Okay, I'll wait. I'm starting to get worried though, since it still hasn't finished yet.

#11 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 30 November 2011 - 02:10 PM

Hello Satoru PC Newbie,

Is your machine still restarting with Startup Repair?

If so, can you try booting in Safe Mode?

Boot into Safe Mode.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.

====================================================================================
regards, ratman




#12 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 02:28 PM

Hello, it is still restarting even now. So after I boot it to Safe Mode, what should I do? :mellow:

#13 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 02:48 PM

:wacko: Hi, I could not boot to Safe Mode; it always returns to the Startup Repair box whenever I restart the laptop. I tried pressing F8 to boot into Safe Mode, but it still returned to this Startup Repair. Is there a problem?

#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:09:27 PM

Posted 30 November 2011 - 03:46 PM

Hi,

Sometimes this rootkit causes problems with the boot manager. This can be corrected.

Can you choose Repair Windows from the advanced boot options menu when you press F8?

Do you have your Windows DVD?
regards, ratman




#15 Satoru PC Newbie

Satoru PC Newbie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:03:27 PM

Posted 30 November 2011 - 11:29 PM

:mellow: Hi, I don't have the Windows installation. But I do have Dell DataSafe inside the computer. Is that okay?