Virus remains after re-install of Win7 64bit


  • This topic is locked
7 replies to this topic

#1 Azrak

  • Members
  • 3 posts

Posted 13 March 2012 - 10:05 AM

Please help me get rid of this/these.
The first thing I noticed was browser redirects. I used Malwarebytes, AVG and a couple of others to try to fix it. No luck there. Since there was nothing there I needed to keep, I decided to restore the computer to factory using the DVDs I created right after I bought it. Hours later... much to my disappointment, there is still something nasty there (rootkit?).
Here is the log created by DDS (I didn't run GMER, as I have a 64-bit OS).
-----------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ED at 10:41:03 on 2012-03-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.927 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360312d555l0404z175t44k2x270
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360312d555l0404z175t44k2x270
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\ED\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
uRunOnce: [SpybotDeletingB1659] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD1734] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [SpybotDeletingA6608] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC8247] cmd.exe /c del "C:\Windows\svchost.exe_old"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1EE07418-81EA-4896-8322-4011CE3A2663} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\ED\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [SpybotDeletingA6608] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC8247] cmd.exe /c del "C:\Windows\svchost.exe_old"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\7aedcjwd.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B968944d4-82a3-4c4e-acb8-a7de4ea22808%7D&mid=41bacfa95dd347d19d00a113f0cf5ad5-9e26b6f2ece84924f4bad64d44006d092f1fadaa&ds=AVG&v=10.0.0.7&lang=en&pr=fr&d=2012-03-11%2019%3A22%3A42&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-03-13 06:37:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-13 06:37:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-13 02:07:53 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-03-13 02:07:52 2566144 ----a-w- C:\Windows\System32\esent.dll
2012-03-13 02:07:51 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-03-13 02:07:51 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2012-03-13 02:07:51 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-03-13 02:07:51 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-03-13 02:07:51 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-03-13 02:07:50 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-03-13 02:07:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-03-13 02:07:50 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-03-13 02:07:49 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-03-13 01:43:56 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-03-13 01:43:56 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-03-13 01:43:56 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-03-13 01:43:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-03-13 01:43:55 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-03-13 01:43:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-03-13 01:43:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-03-12 22:07:36 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2012-03-12 22:07:35 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2012-03-12 22:07:00 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2012-03-12 22:06:59 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
2012-03-12 22:05:45 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-03-12 22:03:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-12 21:45:08 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-12 21:45:08 -------- d-----w- C:\Windows\System32\Wat
2012-03-12 16:53:17 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-03-12 16:53:16 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2012-03-12 16:53:16 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2012-03-12 16:53:16 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2012-03-12 16:53:16 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2012-03-12 16:53:16 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-03-12 16:53:16 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2012-03-12 16:53:16 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2012-03-12 16:53:16 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-03-12 16:53:16 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2012-03-12 16:53:15 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2012-03-12 16:51:28 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2012-03-12 16:51:28 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2012-03-12 16:49:47 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-03-12 16:48:14 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-03-12 16:48:14 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-03-12 16:38:25 2870272 ----a-w- C:\Windows\explorer.exe
2012-03-12 16:38:24 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-03-12 16:33:48 148992 ----a-w- C:\Windows\System32\t2embed.dll
2012-03-12 16:33:48 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2012-03-12 16:31:41 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-03-12 16:31:41 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-03-12 16:31:40 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-03-12 16:31:40 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-03-12 16:28:50 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-03-12 16:28:49 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-03-12 16:21:15 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-03-12 16:21:15 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-03-12 16:21:15 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-03-12 15:35:52 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-03-12 15:17:33 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-03-12 15:17:33 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-03-12 15:13:57 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-12 15:01:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-03-12 15:01:57 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-03-12 15:00:23 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-03-12 15:00:22 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-03-12 15:00:22 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-03-12 15:00:22 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-03-12 14:58:41 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-03-12 14:58:41 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2012-03-12 14:55:46 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-03-12 14:55:46 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-03-12 14:55:46 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-12 14:55:46 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-03-12 14:55:46 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-03-12 14:55:46 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-03-12 14:55:46 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-03-12 14:55:46 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-12 14:55:46 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-12 14:55:46 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-03-12 14:53:59 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2012-03-12 14:52:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-03-12 14:52:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-03-12 14:52:50 367104 ----a-w- C:\Windows\System32\atmfd.dll
2012-03-12 14:52:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-03-12 14:52:50 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-03-12 14:52:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-03-12 14:51:01 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2012-03-12 14:50:20 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-03-12 14:46:19 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2012-03-12 14:46:19 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2012-03-12 14:44:47 91648 ----a-w- C:\Windows\SysWow64\avifil32.dll
2012-03-12 14:44:47 84480 ----a-w- C:\Windows\SysWow64\mciavi32.dll
2012-03-12 14:44:47 54272 ----a-w- C:\Windows\System32\iyuv_32.dll
2012-03-12 14:44:47 50176 ----a-w- C:\Windows\SysWow64\iyuv_32.dll
2012-03-12 14:44:47 38912 ----a-w- C:\Windows\System32\msvidc32.dll
2012-03-12 14:44:47 31744 ----a-w- C:\Windows\SysWow64\msvidc32.dll
2012-03-12 14:44:47 16384 ----a-w- C:\Windows\System32\msrle32.dll
2012-03-12 14:44:47 14848 ----a-w- C:\Windows\System32\tsbyuv.dll
2012-03-12 14:44:47 13312 ----a-w- C:\Windows\SysWow64\msrle32.dll
2012-03-12 14:44:46 25088 ----a-w- C:\Windows\System32\msyuv.dll
2012-03-12 14:44:46 22016 ----a-w- C:\Windows\SysWow64\msyuv.dll
2012-03-12 14:44:46 12288 ----a-w- C:\Windows\SysWow64\tsbyuv.dll
2012-03-12 14:43:53 -------- d-----w- C:\Users\ED\AppData\Local\Microsoft Help
2012-03-12 14:42:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-12 14:42:42 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-12 14:41:18 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-12 14:40:25 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-03-12 14:40:24 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-03-12 14:40:24 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-03-12 14:40:24 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-03-12 14:40:24 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-03-12 14:40:23 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-03-12 14:40:23 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-03-12 14:40:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-03-12 14:40:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-03-12 14:40:22 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-03-12 14:38:40 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-03-12 14:38:39 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-03-12 14:38:39 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-03-12 14:38:04 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-12 14:34:24 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-03-12 14:34:23 640896 ----a-w- C:\Windows\System32\winload.efi
2012-03-12 14:34:23 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-03-12 14:34:23 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-03-12 14:34:22 603976 ----a-w- C:\Windows\System32\winload.exe
2012-03-12 14:34:21 556928 ----a-w- C:\Windows\System32\winresume.efi
2012-03-12 14:34:20 518160 ----a-w- C:\Windows\System32\winresume.exe
2012-03-12 14:34:03 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2012-03-12 14:34:03 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-03-12 14:31:31 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-03-12 14:31:31 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-03-12 14:31:31 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-03-12 14:31:31 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-03-12 14:31:30 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-03-12 14:31:08 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-03-12 14:31:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-12 14:31:07 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-03-12 14:31:07 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-03-12 14:30:16 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2012-03-12 14:30:16 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2012-03-12 14:30:11 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2012-03-12 14:30:11 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2012-03-12 14:29:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-03-12 14:29:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-03-12 14:29:29 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-03-12 14:28:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-12 14:28:58 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-12 14:25:52 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-03-12 14:25:52 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-03-12 14:25:52 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-03-12 14:25:51 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-03-12 14:20:49 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-03-12 14:20:49 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-03-12 14:20:26 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-12 14:20:24 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-12 14:20:23 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-12 14:19:55 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-03-12 14:19:55 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-03-12 14:16:35 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-03-12 14:16:35 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-03-12 14:14:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-03-12 14:13:56 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-03-12 14:13:53 112000 ----a-w- C:\Windows\System32\consent.exe
2012-03-12 13:59:34 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-12 13:59:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-12 07:06:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2012-03-12 04:40:49 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2012-03-12 04:38:59 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2012-03-12 04:32:55 -------- d--h--w- C:\Windows\msdownld.tmp
2012-03-12 04:32:39 -------- d-----w- C:\Windows\SysWow64\directx
2012-03-12 01:54:28 -------- d-----w- C:\Users\ED\AppData\Local\Secunia PSI
2012-03-12 01:54:10 -------- d-----w- C:\Program Files (x86)\Secunia
2012-03-12 01:41:44 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 01:38:56 -------- d-----w- C:\Downloads
2012-03-12 01:16:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-12 01:06:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-12 00:18:33 -------- d-----w- C:\Users\ED\AppData\Roaming\BITS
2012-03-12 00:18:32 -------- d-----w- C:\Users\ED\AppData\Roaming\FlashgetSetup
2012-03-12 00:18:25 -------- d-----w- C:\Users\ED\AppData\Roaming\FlashGetBHO
2012-03-12 00:18:21 -------- d-----w- C:\Users\ED\AppData\Roaming\FlashGet
2012-03-12 00:18:21 -------- d-----w- C:\Program Files (x86)\FlashGet Network
2012-03-11 23:38:23 -------- d-----w- C:\Windows\NAPP_Dism_Log
2012-03-11 23:24:07 -------- d-----w- C:\Users\ED\AppData\Roaming\AVG2012
2012-03-11 23:22:40 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-03-11 23:22:38 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-03-11 23:22:37 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-11 23:22:31 -------- d--h--w- C:\ProgramData\Common Files
2012-03-11 23:21:46 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-11 23:21:22 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-11 23:21:22 -------- d-----w- C:\ProgramData\AVG2012
2012-03-11 23:20:34 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-11 23:14:55 -------- d-----w- C:\ProgramData\MFAData
2012-03-11 23:10:10 -------- d-----w- C:\Users\ED\AppData\Local\Adobe
2012-03-11 23:04:14 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5EEE51F7-A346-44DE-A219-7495F82F03FF}\mpengine.dll
2012-03-11 22:48:49 34872 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-03-11 22:48:49 -------- d-----w- C:\Program Files (x86)\AMD
2012-03-11 22:47:21 -------- d-----w- C:\Program Files\ATI
2012-03-11 22:47:19 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-03-11 22:44:13 -------- d-----w- C:\Program Files (x86)\Launch Manager
2012-03-11 22:43:30 358432 ----a-w- C:\Windows\System32\RtsUStor.dll
2012-03-11 22:43:25 20480 ------w- C:\Windows\svchost.exe_old
2012-03-11 21:38:49 -------- d-----w- C:\Program Files\Media Player Classic - Home Cinema
2012-03-11 21:07:46 -------- d-----w- C:\Users\ED\AppData\Local\Mozilla
2012-03-11 21:07:07 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-11 20:29:26 -------- d-----w- C:\Users\ED\AppData\Local\Google
2012-03-11 20:27:33 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-03-11 20:27:33 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-03-11 20:26:59 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-03-11 20:25:44 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-03-11 20:25:04 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-03-11 20:23:38 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7b24b5a1ccffc4\DSETUP.dll
2012-03-11 20:23:38 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7b24b5a1ccffc4\DXSETUP.exe
2012-03-11 20:23:38 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7b24b5a1ccffc4\dsetup32.dll
2012-03-11 20:22:26 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc12E6.tmp
2012-03-11 20:22:07 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-03-11 20:20:29 -------- d-----w- C:\Windows\SysWow64\Atheros_L1e
2012-03-11 20:18:51 -------- d-----w- C:\Program Files\Apoint2K
2012-03-11 20:11:26 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-03-11 20:11:26 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-03-11 20:09:44 46592 ----a-w- C:\Windows\System32\msasn1.dll
2012-03-11 20:09:44 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2012-03-11 20:04:32 -------- d-----w- C:\6ba9a100b335ba79d7a9bb48
2012-03-11 20:03:04 -------- d-----w- C:\Users\ED\AppData\Local\ATI
2012-03-11 20:02:21 -------- d-----w- C:\Users\ED\AppData\Roaming\Acer
2012-03-11 20:01:41 -------- d-----w- C:\Users\ED\AppData\Local\EgisTec
2012-03-11 20:01:40 -------- d---a-w- C:\book
2012-03-11 20:01:35 -------- d-----w- C:\ProgramData\McQcModifier-5c47-a7b0
2012-03-11 20:00:27 -------- d-----w- C:\Users\ED\AppData\Local\VirtualStore
2012-03-11 19:59:16 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-11 19:59:16 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-11 19:59:15 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-03-11 19:59:15 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-03-11 19:55:01 -------- d-----w- C:\Program Files (x86)\OEM
2012-03-11 19:53:47 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-03-12 07:10:57 85504 ----a-w- C:\Windows\System32\iesetup.dll
2012-03-12 07:10:56 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-03-12 07:10:55 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2012-03-12 07:10:52 160256 ----a-w- C:\Windows\System32\wextract.exe
2012-03-12 07:10:51 165888 ----a-w- C:\Windows\System32\iexpress.exe
2012-03-12 07:10:50 603648 ----a-w- C:\Windows\System32\vbscript.dll
2012-03-11 22:49:02 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 10:43:19.07 ===============


Thanks in advance, hope you can help me.


#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:58 AM

Posted 15 March 2012 - 08:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 Azrak

  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:58 PM

Posted 19 March 2012 - 09:32 PM

Hello and thank you for the reply.
I think I may have gotten rid of the nasties, but you never know.
Since I have done quite a bit of stuff since I first posted, I am adding a new DDS log as well as the aswMBR log.
I really appreciate your time and help.

New DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ED at 22:02:47 on 2012-03-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1866 [GMT -4:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.speedbit.com/?aff=115
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27360312d555l0404z175t44k2x270
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - C:\PROGRA~2\FlashGet\getflash.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - C:\PROGRA~2\FlashGet\fgiebar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All by FlashGet - C:\PROGRA~2\FlashGet\jc_all.htm
IE: Download using FlashGet - C:\PROGRA~2\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1EE07418-81EA-4896-8322-4011CE3A2663} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IeCatch5 Class: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: gFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: FlashGet Bar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
IE-X64: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ED\AppData\Roaming\Mozilla\Firefox\Profiles\wiawfx2x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-3-13 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-3-13 41728]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-3-13 14720]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-3-13 3025112]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-11-5 240160]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-3-13 63880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-10 305448]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-19 23:17:47 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-03-19 17:24:57 -------- d-----w- C:\Users\ED\AppData\Roaming\SuperAdBlocker.com
2012-03-19 17:24:30 -------- d-----w- C:\Windows\SysWow64\URTTemp
2012-03-19 17:24:28 -------- d-----w- C:\Program Files (x86)\SuperAdBlocker.com
2012-03-19 17:09:25 -------- d-----w- C:\Program Files (x86)\FlashGet
2012-03-19 16:19:09 552136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-03-19 14:03:08 109216 ----a-w- C:\Windows\SysWow64\EasyHook64.dll
2012-03-19 14:03:07 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2012-03-19 14:03:07 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2012-03-14 18:19:34 -------- d-----w- C:\New folder
2012-03-14 17:57:33 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 17:57:33 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 17:57:33 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 14:48:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-14 13:28:30 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 13:28:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 13:28:19 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 02:54:22 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-03-14 02:18:00 -------- d-----w- C:\Windows\System32\SPReview
2012-03-14 02:16:43 -------- d-----w- C:\Windows\System32\EventProviders
2012-03-14 00:18:51 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-13 23:41:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-13 20:11:15 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 20:11:10 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 20:11:10 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:07:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 20:07:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 20:07:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 20:07:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 15:30:20 -------- d-----w- C:\Users\ED\AppData\Roaming\Malwarebytes
2012-03-13 15:30:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-13 15:29:59 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 15:29:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-13 06:37:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-13 06:37:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-13 06:25:03 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-13 06:25:03 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-13 06:24:38 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-13 06:24:25 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-03-13 06:24:25 3715584 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-13 06:24:25 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-03-13 06:24:24 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-13 06:24:24 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
2012-03-13 06:24:15 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-03-13 06:24:09 1171456 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-13 06:24:08 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2012-03-13 06:24:08 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2012-03-13 06:24:07 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2012-03-13 06:24:01 3650560 ----a-w- C:\Windows\System32\MSVidCtl.dll
2012-03-13 06:22:59 853504 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-03-13 06:21:59 897536 ----a-w- C:\Windows\System32\azroles.dll
2012-03-13 06:19:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll
2012-03-13 06:18:59 84480 ----a-w- C:\Windows\SysWow64\mciavi32.dll
2012-03-13 06:17:58 79872 ----a-w- C:\Windows\System32\manage-bde.exe
2012-03-13 06:16:19 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-03-13 06:16:19 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-03-13 06:11:37 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-03-13 02:07:54 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-03-13 02:07:54 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-03-13 02:07:53 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-03-13 02:07:51 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-03-13 02:07:51 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-03-13 02:07:51 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-03-13 02:07:51 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-03-13 02:07:50 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-03-13 02:07:50 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-03-13 02:07:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-03-13 02:07:50 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-03-13 01:43:56 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-03-13 01:43:56 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-03-13 01:43:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-03-13 01:43:55 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-03-13 01:43:55 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-03-13 01:43:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-03-13 01:43:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-03-12 22:03:28 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-12 21:45:08 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-12 21:45:08 -------- d-----w- C:\Windows\System32\Wat
2012-03-12 16:53:17 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-03-12 16:53:16 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2012-03-12 16:53:16 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2012-03-12 16:53:16 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2012-03-12 16:53:16 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2012-03-12 16:53:16 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-03-12 16:53:16 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2012-03-12 16:53:16 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2012-03-12 16:53:16 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-03-12 16:53:16 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2012-03-12 16:53:15 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2012-03-12 16:38:25 2871808 ----a-w- C:\Windows\explorer.exe
2012-03-12 16:38:25 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2012-03-12 16:31:41 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-03-12 16:31:41 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-03-12 16:31:41 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-03-12 16:31:40 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-03-12 16:28:50 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-03-12 16:28:49 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-03-12 16:21:15 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-03-12 16:21:15 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-03-12 16:21:15 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-03-12 15:35:52 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-03-12 15:17:33 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-03-12 15:17:33 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-03-12 15:13:59 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-03-12 15:13:58 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-12 15:01:58 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-03-12 15:01:57 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-03-12 15:00:23 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2012-03-12 15:00:22 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2012-03-12 15:00:22 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-03-12 15:00:22 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2012-03-12 14:52:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-03-12 14:52:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-03-12 14:52:50 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-03-12 14:52:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-03-12 14:52:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-03-12 14:52:49 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-03-12 14:43:53 -------- d-----w- C:\Users\ED\AppData\Local\Microsoft Help
2012-03-12 14:42:43 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-12 14:42:42 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-12 14:42:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-12 14:42:42 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-12 14:40:25 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-03-12 14:40:25 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-03-12 14:40:24 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-03-12 14:40:24 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-03-12 14:40:24 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-03-12 14:40:23 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-03-12 14:40:23 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-03-12 14:40:23 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-03-12 14:40:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-03-12 14:40:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-03-12 14:38:04 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-12 14:34:24 17792 ----a-w- C:\Windows\System32\kdcom.dll
2012-03-12 14:34:23 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2012-03-12 14:34:23 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-03-12 14:34:23 19328 ----a-w- C:\Windows\System32\kd1394.dll
2012-03-12 14:34:22 642944 ----a-w- C:\Windows\System32\winload.efi
2012-03-12 14:34:22 605552 ----a-w- C:\Windows\System32\winload.exe
2012-03-12 14:34:21 566208 ----a-w- C:\Windows\System32\winresume.efi
2012-03-12 14:34:21 518672 ----a-w- C:\Windows\System32\winresume.exe
2012-03-12 14:31:31 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-03-12 14:31:31 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2012-03-12 14:31:31 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2012-03-12 14:31:31 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2012-03-12 14:31:30 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2012-03-12 14:31:30 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2012-03-12 14:29:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-03-12 14:29:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-03-12 14:29:29 974336 ----a-w- C:\Windows\System32\WFS.exe
2012-03-12 14:29:29 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-03-12 14:28:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
============= FINISH: 22:04:19.13 ===============


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 22:12:02
-----------------------------
22:12:02.785 OS Version: Windows x64 6.1.7601 Service Pack 1
22:12:02.785 Number of processors: 1 586 0x7C02
22:12:02.785 ComputerName: ED-PC UserName: ED
22:12:39.913 Initialize success
22:13:21.238 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:13:21.254 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
22:13:21.285 Disk 0 MBR read successfully
22:13:21.285 Disk 0 MBR scan
22:13:21.285 Disk 0 Windows 7 default MBR code
22:13:21.285 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
22:13:21.316 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
22:13:21.332 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
22:13:21.347 Disk 0 scanning C:\Windows\system32\drivers
22:13:27.806 Service scanning
22:13:44.794 Modules scanning
22:13:44.810 Disk 0 trace - called modules:
22:13:44.872 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:13:44.872 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030b3060]
22:13:45.387 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80030c7bf0]
22:13:45.403 5 ACPI.sys[fffff88000f527a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003083060]
22:13:45.418 Scan finished successfully
22:14:25.666 Disk 0 MBR has been saved successfully to "C:\Users\ED\Downloads\MBR.dat"
22:14:25.666 The log file has been saved successfully to "C:\Users\ED\Downloads\aswMBR.txt"


Again thanks. :)

#4 m0le (Malware Response Team, London, UK)

Posted 20 March 2012 - 04:35 PM

After a reinstall only one malware type remains, and that is the rewriting of the Master Boot Record. aswMBR shows that there is nothing there. The only other possibility would be that you did not reformat and reinstall, so a long but deep scan online with ESET should be a good tester.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
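As an added illustration of what the aswMBR partition lines above represent (this is example code written for this page, not part of the thread or of aswMBR), the block below parses a constructed 512-byte MBR image laid out like the three partitions in the log, and runs the kind of checks an MBR scanner performs: boot code compared against a baseline hash taken on a known-clean install, exactly one active partition, and no overlapping entries. The boot code bytes, the baseline hash and the tampered copy are all constructed.

```python
import hashlib
import struct

SECTOR = 512
ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_mbr(boot_code, partitions):
    """Build a constructed MBR: 446 bytes boot code, 4 x 16-byte entries, 0x55AA."""
    table = b"".join(struct.pack(ENTRY, st, b"\0" * 3, pt, b"\0" * 3, lba, n)
                     for st, pt, lba, n in partitions)
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xAA"

def parse_mbr(mbr):
    """Return the non-empty partition entries, sized in MB the way aswMBR prints them."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        st, _, pt, _, lba, n = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if pt:
            parts.append({"index": i + 1, "active": st == 0x80, "type": pt,
                          "offset": lba, "sectors": n,
                          "size_mb": n * SECTOR // (1024 * 1024)})
    return parts

def check_mbr(mbr, baseline_boot_sha256):
    """Defender-side sanity checks: boot code hash vs. a clean baseline,
    exactly one active partition, and no overlapping partition ranges."""
    findings = []
    if hashlib.sha256(mbr[:446]).hexdigest() != baseline_boot_sha256:
        findings.append("boot code differs from the known-clean baseline")
    parts = parse_mbr(mbr)
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for a, b in zip(parts, parts[1:]):
        if b["offset"] < a["offset"] + a["sectors"]:
            findings.append(f"partition {b['index']} overlaps partition {a['index']}")
    return findings

# Constructed layout mirroring the three partitions in the aswMBR log
# (type, LBA offset, MB size); sector counts are MB * 2048 at 512-byte sectors.
LAYOUT = [(0x00, 0x27, 63, 12291 * 2048),
          (0x80, 0x07, 25173855, 101 * 2048),
          (0x00, 0x07, 25382700, 140232 * 2048)]
CLEAN_BOOT = b"constructed stand-in for the Windows 7 default MBR code"
CLEAN_MBR = build_mbr(CLEAN_BOOT, LAYOUT)
BASELINE = hashlib.sha256(CLEAN_MBR[:446]).hexdigest()
# Same partition table, but the first bytes of the boot code overwritten.
TAMPERED_MBR = b"\xEB\xFE" + CLEAN_MBR[2:]
```

Run `check_mbr` on the saved MBR.dat from aswMBR against a baseline hash recorded right after a clean install; an empty findings list matches the "Windows 7 default MBR code" verdict in the log.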

#5 Azrak (Topic Starter)

Posted 20 March 2012 - 09:12 PM

I did find a rootkit before you replied the first time; it was Bagel something. I used tdsskiller to remove it. I just wanted to make sure there was nothing else I might have missed.
I ran the eset online scan and it found another trojan (no more rootkits for me, I hope). It appears to be a newish Android virus it found in a custom rom I had downloaded for my new Skypad Alpha 2 tablet. Here's the log. Anything else I should do?
Thanks again for your help. I'm off now to inform the creator of the rom that this was found in his files.

eset online scan log---


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=52abebf126ce004b8e65fdc7e361ca87
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-21 01:49:43
# local_time=2012-03-20 09:49:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 689353 689353 0 0
# compatibility_mode=5893 16776574 100 94 0 83827237 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=153557
# found=1
# cleaned=1
# scan_time=10797
C:\Users\ED\Desktop\STZ-ROM-BullDog-Blue-Skpad-A50.exe Android/Bgserv.C trojan (deleted - quarantined) 00000000000000000000000000000000 C

#6 m0le (Malware Response Team, London, UK)

Posted 21 March 2012 - 06:00 PM

One more thing you should do.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Emsisoft or AVG.


Apart from that we've reached the part where I tell you you're clean. :thumbup2:

Do you have any questions?

#7 m0le (Malware Response Team, London, UK)

Posted 27 March 2012 - 08:21 PM

Are you still there?

#8 m0le (Malware Response Team, London, UK)

Posted 28 March 2012 - 06:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.