Sirefef.y infection and reboot every 60 sec


This topic is locked
14 replies to this topic

#1 tutankhamon

Posted 18 June 2012 - 05:37 AM

Hi all, I'm new to the community here, so that's my first post, unfortunately. Well, the problem started with Windows Firewall being disabled and I was getting an error. So I decided to install MSE when the reboots started... Is there a "fast" solution? My system is W7 x64 and I have Bitdefender Security Center..

Any help you could provide would be appreciated a great deal.

Thanks in advance.

Apostolis


#2 tutankhamon


Posted 18 June 2012 - 05:55 AM

Doing a little research, I found what has to be done with Farbar, so I did that and I will post the log file.

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 18-06-2012 13:50:46
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1067256 2012-04-01] (Bitdefender)
HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)
HKLM\...\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
HKU\Vadim\...\Run: [Google Update] "C:\Users\Vadim\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-15] (Google Inc.)
HKU\Vadim\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-21] (BitTorrent, Inc.)
HKU\Vadim\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Vadim\...\Run: [Facebook Update] "C:\Users\Vadim\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-05-16] (Facebook Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-22] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2011-10-28] ()
2 RemoteAccess; C:\Windows\SysWOW64\mprdin.dll [1958912 2012-06-05] ()
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [736104 2012-02-14] (Tunngle.net GmbH)
3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-27] (BitDefender)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service [66096 2012-04-01] (Bitdefender)
2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe /service [1956616 2012-04-01] (Bitdefender)
4 Mcx2Svc; C:\Windows\SysWOW64\Mcx2Svc.dll [x]
2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]

========================== Drivers (Whitelisted) =============

0 avc3; C:\Windows\System32\Drivers\avc3.sys [691896 2012-04-01] (BitDefender)
3 avchv; C:\Windows\System32\Drivers\avchv.sys [258736 2011-12-05] (BitDefender)
3 avckf; C:\Windows\System32\Drivers\avckf.sys [545064 2012-03-22] (BitDefender)
0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [442088 2012-01-08] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-23] (BitDefender LLC)
3 bdsandbox; C:\Windows\System32\Drivers\bdsandbox.sys [79952 2012-03-22] (BitDefender SRL)
1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-14] (DT Soft Ltd)
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2011-11-08] (Windows ® Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2011-11-08] ()
3 SaiH0461; C:\Windows\System32\Drivers\SaiH0461.sys [178432 2008-03-25] (Saitek)
3 SaiMini; C:\Windows\System32\Drivers\SaiMini.sys [22792 2010-08-09] (Saitek)
3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-09] (Saitek)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
0 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2011-11-01] (BitDefender S.R.L.)
3 TS_AR5416; C:\Windows\System32\DRIVERS\ts_athwx.sys [2156872 2011-09-05] (TamoSoft)
3 TS_ARN5416; C:\Windows\System32\DRIVERS\ts_athrx.sys [2813544 2012-02-10] (TamoSoft)
3 ts_arnusb; C:\Windows\System32\DRIVERS\ts_arnusbx.sys [1982056 2012-02-01] (TamoSoft)
3 ts_arusb; C:\Windows\System32\DRIVERS\ts_arusbx.sys [1206504 2011-05-13] (TamoSoft)
3 gdrv; \??\C:\Windows\gdrv.sys [x]
3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 X6va005; \??\C:\Users\Vadim\AppData\Local\Temp\00586AC.tmp [x]

========================== NetSvcs (Whitelisted) ===========

NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-18 02:10 - 2012-06-18 02:10 - 00000000 ____A C:\Windows\System32\bdaDD20.tmp
2012-06-18 02:01 - 2012-06-18 02:02 - 00229446 ____A C:\Windows\ntbtlog.txt
2012-06-18 01:57 - 2012-06-18 01:57 - 00034080 ____A C:\Windows\System32\bdaDF33.tmp
2012-06-18 01:40 - 2012-06-18 01:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-18 01:39 - 2012-06-18 01:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-17 09:23 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 09:23 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 09:23 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 09:23 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 09:23 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 09:23 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 09:23 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 09:23 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 09:23 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 09:23 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 09:23 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 09:23 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 09:23 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 09:23 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-17 09:23 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-17 09:23 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-17 09:23 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-17 09:23 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-17 09:23 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-17 09:23 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-17 09:23 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-17 09:23 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-17 09:23 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-17 09:23 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-17 09:23 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-17 09:23 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-17 09:23 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-17 09:23 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-17 09:15 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-17 09:15 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-17 09:15 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-17 09:15 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-17 09:15 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-17 09:15 - 2012-04-27 21:32 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-17 09:15 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-17 09:15 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-17 09:15 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-17 09:15 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-17 09:15 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-17 09:15 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-17 09:15 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-17 09:15 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-17 09:15 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-17 09:15 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-17 09:15 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-17 09:15 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-17 09:08 - 2012-06-17 09:09 - 00000000 ____D C:\Users\Vadim\AppData\Local\{76BE1B44-7D7D-48D2-B391-882A0A37F1C1}
2012-06-17 09:08 - 2012-06-17 09:08 - 00000000 ____D C:\Users\Vadim\AppData\Local\{75CA5020-3202-470E-AE71-0F1D8A5BA166}
2012-06-13 05:49 - 2012-06-13 05:49 - 00002009 ____A C:\Users\Public\Desktop\REX Essential.lnk
2012-06-13 05:42 - 2012-06-13 05:49 - 00000000 ____D C:\Program Files (x86)\Real Environment Xtreme Essential
2012-06-13 04:34 - 2012-06-13 04:34 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7D2CFCE1-9577-4174-A020-070E73CC9D07}
2012-06-13 04:34 - 2012-06-13 04:34 - 00000000 ____D C:\Users\Vadim\AppData\Local\{2BE13E66-7087-4567-821A-298E24459011}
2012-06-12 02:45 - 2012-06-12 02:45 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7CAB69C6-32B8-4CFF-8158-FBC26A9B70E9}
2012-06-12 02:44 - 2012-06-12 02:44 - 00000000 ____D C:\Users\Vadim\AppData\Local\{F00B8C0B-E12C-436A-9303-144077128289}
2012-06-11 11:09 - 2012-06-11 11:12 - 00000000 ____D C:\Users\Vadim\Desktop\???? f??e???
2012-06-11 07:13 - 2012-06-11 07:13 - 00000000 ____D C:\Users\Vadim\Desktop\rain original
2012-06-09 05:06 - 2012-06-09 05:06 - 00000000 ____D C:\Users\Vadim\AppData\Local\{798658E1-16DE-472E-817E-0924A89C66D7}
2012-06-09 05:06 - 2012-06-09 05:06 - 00000000 ____D C:\Users\Vadim\AppData\Local\{6F12ABD8-540D-432A-ADED-5446ED5B78B2}
2012-06-08 06:31 - 2012-06-08 06:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{1F13DC3D-9800-4B54-8943-159B09A9BD5D}
2012-06-08 06:31 - 2012-06-08 06:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{172C4A03-D75B-494F-9F20-B2039AD818FF}
2012-06-07 02:59 - 2012-06-07 02:58 - 00059392 ____A C:\Users\Vadim\Downloads\20070314095845656_SM940NW.exe
2012-06-07 02:57 - 2012-06-07 02:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{004A1C55-D0A5-4D5E-BE9A-8E6129B928D2}
2012-06-07 02:56 - 2012-06-07 02:56 - 00000000 ____D C:\Users\Vadim\AppData\Local\{82238F54-2CAF-493F-83E3-94CAC44D209D}
2012-06-06 07:17 - 2012-06-06 07:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-06 06:33 - 2012-06-06 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{76562556-9009-4941-A91A-8A4B2B27827C}
2012-06-06 06:33 - 2012-06-06 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{584CE985-3DA3-432E-A026-AFE573F2C96B}
2012-06-05 23:04 - 2012-06-05 23:04 - 00000400 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-05 23:03 - 2012-06-05 23:03 - 01958912 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-05 05:59 - 2012-06-05 05:59 - 00000000 ____D C:\Users\Vadim\AppData\Local\{44EE7664-D441-463F-A4AB-1E47A6D85B60}
2012-06-05 05:59 - 2012-06-05 05:59 - 00000000 ____D C:\Users\Vadim\AppData\Local\{08423048-A2EC-47C1-9366-87B42E7ACD0F}
2012-06-05 02:15 - 2012-06-05 02:15 - 00000000 ____D C:\Users\Vadim\AppData\Local\{59D0E47A-8049-496E-99CF-8941C6595945}
2012-06-04 01:19 - 2012-06-04 01:19 - 00000000 ____D C:\Users\Vadim\AppData\Local\{65033008-57D4-4952-9B41-9398EFD83873}
2012-06-04 01:18 - 2012-06-04 01:19 - 00000000 ____D C:\Users\Vadim\AppData\Local\{48E85986-CA41-4219-AE3A-E5A3FEF15703}
2012-06-03 02:26 - 2012-06-03 02:26 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3C632132-18F6-49F7-8C2A-671395B6D3E0}
2012-06-03 02:25 - 2012-06-03 02:26 - 00000000 ____D C:\Users\Vadim\AppData\Local\{D7D3249C-52F4-4D92-8EFF-528479192480}
2012-06-02 06:53 - 2012-06-02 06:54 - 00000000 ____D C:\Users\Vadim\AppData\Local\{4ABE18D7-E608-4E4E-9CBC-AA5AEC07198F}
2012-06-02 06:53 - 2012-06-02 06:53 - 00000000 ____D C:\Users\Vadim\AppData\Local\{41DB8CA4-3027-4EC4-BC95-3A1285F30984}
2012-06-02 03:31 - 2012-06-02 03:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{B2AFE98F-C872-41A5-A3C2-D1B743E2BF6F}
2012-06-01 04:05 - 2012-06-01 04:10 - 00000000 ____D C:\GEXn-Backup
2012-06-01 03:13 - 2012-06-01 03:15 - 00000000 ____D C:\Users\Vadim\Desktop\GEX Europe 2.0
2012-06-01 03:13 - 2010-12-13 21:30 - 195917681 ____A () C:\Users\Vadim\Desktop\qw757_fs9_setup.exe
2012-06-01 03:09 - 2012-06-01 03:09 - 00000000 ____D C:\Users\Vadim\AppData\Local\{C6A650F6-B710-41F1-99AE-F7196C69E268}
2012-06-01 03:08 - 2012-06-01 03:09 - 00000000 ____D C:\Users\Vadim\AppData\Local\{747E07DD-0C9F-4FF8-9B08-2C15B6A87363}
2012-06-01 03:02 - 2012-06-01 03:03 - 00000000 ____D C:\Users\Vadim\Desktop\Fsx Add-ons
2012-05-31 01:38 - 2012-05-31 01:38 - 00000000 ____D C:\Users\Vadim\AppData\Local\{EF9B907D-6DD1-4BDC-A75A-1B20CFC9BFB3}
2012-05-31 01:37 - 2012-05-31 01:37 - 00000000 ____D C:\Users\Vadim\AppData\Local\{8AC6F831-545B-4015-BE26-399DD0FDA88B}
2012-05-30 06:29 - 2012-05-30 06:34 - 00000000 ____D C:\Users\Public\Documents\Saitek SD6 Profiles
2012-05-30 06:26 - 2012-05-30 06:26 - 00000000 ____D C:\Users\All Users\Saitek
2012-05-30 06:25 - 2012-05-30 06:25 - 00000000 ____D C:\Program Files\Saitek
2012-05-30 06:19 - 2012-05-30 06:19 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\InstallShield
2012-05-30 05:42 - 2012-05-30 05:42 - 00000000 ____D C:\Users\Vadim\AppData\Local\{F5230B93-698E-427E-8438-E051B9919065}
2012-05-30 05:42 - 2012-05-30 05:42 - 00000000 ____D C:\Users\Vadim\AppData\Local\{1C147706-D119-4718-88BB-80881E16B2F4}
2012-05-29 03:36 - 2012-05-29 03:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{14C16B67-2B2D-4664-AECF-3F72116C89E6}
2012-05-29 03:35 - 2012-05-29 03:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{2B7671BF-4FD7-430E-A938-D585D5D20F13}
2012-05-28 01:16 - 2012-05-28 01:16 - 00000000 ____D C:\Users\Vadim\AppData\Local\{46CA8A63-C145-41AA-8D0C-D1A651DA58B4}
2012-05-28 01:16 - 2012-05-28 01:16 - 00000000 ____D C:\Users\Vadim\AppData\Local\{0A2257AB-3D60-4429-AB09-51BDAE7A3E75}
2012-05-28 01:15 - 2012-05-28 01:16 - 00000000 ____D C:\Users\Vadim\AppData\Local\{5D058763-272F-43B3-BFD1-75C2A85B9987}
2012-05-27 06:33 - 2012-05-27 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3B4EB2A7-068A-44CB-B7F4-B9E0528C379F}
2012-05-27 06:33 - 2012-05-27 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{302E94BC-0379-4231-BDD0-B5C954971F5C}
2012-05-26 08:36 - 2012-05-26 08:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{9D4FA9BE-5408-4E7E-B578-B9A07FF9E5BA}
2012-05-26 08:36 - 2012-05-26 08:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{93C4AB5C-EF80-4994-B8C5-12C1AD8D242F}
2012-05-23 09:27 - 2012-05-23 09:27 - 00000000 ____D C:\Users\Vadim\AppData\Local\{50F86471-7630-49E5-A1DD-8D9875F97B5E}
2012-05-23 09:27 - 2012-05-23 09:27 - 00000000 ____D C:\Users\Vadim\AppData\Local\{480DF89F-442A-4C44-831D-FCB4C9E06C8B}
2012-05-21 08:13 - 2012-05-21 08:13 - 00000000 ____D C:\Users\Vadim\AppData\Local\{E22E8107-2310-4715-9083-311FE833C639}
2012-05-21 08:13 - 2012-05-21 08:13 - 00000000 ____D C:\Users\Vadim\AppData\Local\{384CFCAD-F354-49D5-9E72-6444905D2C51}


============ 3 Months Modified Files and Folders =============

2012-06-18 13:51 - 2012-06-18 13:50 - 00000000 ____D C:\FRST
2012-06-18 02:10 - 2012-06-18 02:10 - 00000000 ____A C:\Windows\System32\bdaDD20.tmp
2012-06-18 02:09 - 2011-10-15 11:50 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\uTorrent
2012-06-18 02:07 - 2011-10-15 13:32 - 3207946240 __ASH C:\hiberfil.sys
2012-06-18 02:07 - 2011-10-15 11:25 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-18 02:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-18 02:07 - 2009-07-13 20:51 - 00045498 ____A C:\Windows\setupact.log
2012-06-18 02:02 - 2012-06-18 02:01 - 00229446 ____A C:\Windows\ntbtlog.txt
2012-06-18 02:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2012-06-18 01:58 - 2011-10-16 01:31 - 00000376 ____A C:\Users\Vadim\AppData\Roamingprivacy.xml
2012-06-18 01:57 - 2012-06-18 01:57 - 00034080 ____A C:\Windows\System32\bdaDF33.tmp
2012-06-18 01:42 - 2011-10-15 23:37 - 01770293 ____A C:\Windows\WindowsUpdate.log
2012-06-18 01:40 - 2012-06-18 01:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-18 01:40 - 2012-06-18 01:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-18 01:40 - 2011-10-15 11:40 - 00561884 ____A C:\Windows\System32\perfh008.dat
2012-06-18 01:40 - 2011-10-15 11:40 - 00090446 ____A C:\Windows\System32\perfc008.dat
2012-06-18 01:40 - 2011-10-15 11:24 - 01389438 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-18 01:40 - 2011-10-15 11:24 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-18 01:40 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-18 01:39 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-06-18 01:32 - 2012-03-21 09:42 - 00000000 ____D C:\Users\Vadim\AppData\Local\ElevatedDiagnostics
2012-06-18 01:32 - 2009-07-13 20:45 - 00023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-18 01:32 - 2009-07-13 20:45 - 00023904 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-17 09:49 - 2011-10-15 14:11 - 00256297 ____A C:\bdlog.txt
2012-06-17 09:45 - 2009-07-13 20:45 - 00421704 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 09:25 - 2011-10-15 13:17 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-17 09:22 - 2011-10-15 13:32 - 00000000 __SHD C:\System Volume Information
2012-06-17 09:11 - 2011-10-15 10:17 - 00001194 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000UA.job
2012-06-17 09:09 - 2012-06-17 09:08 - 00000000 ____D C:\Users\Vadim\AppData\Local\{76BE1B44-7D7D-48D2-B391-882A0A37F1C1}
2012-06-17 09:08 - 2012-06-17 09:08 - 00000000 ____D C:\Users\Vadim\AppData\Local\{75CA5020-3202-470E-AE71-0F1D8A5BA166}
2012-06-17 09:08 - 2011-10-15 11:03 - 00000000 ____D C:\Users\Vadim\Tracing
2012-06-17 09:08 - 2011-10-15 10:45 - 00000000 ____D C:\Users\Vadim\AppData\Local\Windows Live
2012-06-14 06:49 - 2009-07-13 21:13 - 01382490 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-14 06:47 - 2011-10-15 10:24 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 06:38 - 2011-10-15 12:45 - 00000000 ____D C:\Users\Vadim\Documents\Flight Simulator X Files
2012-06-13 05:49 - 2012-06-13 05:49 - 00002009 ____A C:\Users\Public\Desktop\REX Essential.lnk
2012-06-13 05:49 - 2012-06-13 05:42 - 00000000 ____D C:\Program Files (x86)\Real Environment Xtreme Essential
2012-06-13 05:27 - 2012-05-16 11:22 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000UA.job
2012-06-13 04:34 - 2012-06-13 04:34 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7D2CFCE1-9577-4174-A020-070E73CC9D07}
2012-06-13 04:34 - 2012-06-13 04:34 - 00000000 ____D C:\Users\Vadim\AppData\Local\{2BE13E66-7087-4567-821A-298E24459011}
2012-06-12 04:09 - 2011-10-15 13:51 - 00000000 ___RD C:\Users\Vadim\Desktop\Games
2012-06-12 02:45 - 2012-06-12 02:45 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7CAB69C6-32B8-4CFF-8158-FBC26A9B70E9}
2012-06-12 02:44 - 2012-06-12 02:44 - 00000000 ____D C:\Users\Vadim\AppData\Local\{F00B8C0B-E12C-436A-9303-144077128289}
2012-06-11 11:27 - 2012-05-16 11:22 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000Core.job
2012-06-11 11:12 - 2012-06-11 11:09 - 00000000 ____D C:\Users\Vadim\Desktop\???? f??e???
2012-06-11 11:08 - 2011-10-27 14:31 - 00000000 ____D C:\Users\Vadim\Documents\Rockstar Games
2012-06-11 10:55 - 2011-10-15 10:47 - 00630064 ____A C:\Windows\DirectX.log
2012-06-11 09:56 - 2011-11-29 04:00 - 00000000 ____D C:\Users\All Users\Rockstar Games
2012-06-11 09:56 - 2011-10-27 13:06 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2012-06-11 09:56 - 2011-10-16 00:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-11 07:13 - 2012-06-11 07:13 - 00000000 ____D C:\Users\Vadim\Desktop\rain original
2012-06-09 23:11 - 2011-10-15 10:17 - 00001142 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000Core.job
2012-06-09 05:06 - 2012-06-09 05:06 - 00000000 ____D C:\Users\Vadim\AppData\Local\{798658E1-16DE-472E-817E-0924A89C66D7}
2012-06-09 05:06 - 2012-06-09 05:06 - 00000000 ____D C:\Users\Vadim\AppData\Local\{6F12ABD8-540D-432A-ADED-5446ED5B78B2}
2012-06-08 06:31 - 2012-06-08 06:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{1F13DC3D-9800-4B54-8943-159B09A9BD5D}
2012-06-08 06:31 - 2012-06-08 06:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{172C4A03-D75B-494F-9F20-B2039AD818FF}
2012-06-07 02:58 - 2012-06-07 02:59 - 00059392 ____A C:\Users\Vadim\Downloads\20070314095845656_SM940NW.exe
2012-06-07 02:57 - 2012-06-07 02:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{004A1C55-D0A5-4D5E-BE9A-8E6129B928D2}
2012-06-07 02:56 - 2012-06-07 02:56 - 00000000 ____D C:\Users\Vadim\AppData\Local\{82238F54-2CAF-493F-83E3-94CAC44D209D}
2012-06-06 14:06 - 2012-04-05 23:02 - 00000000 ____D C:\users\UpdatusUser
2012-06-06 07:17 - 2012-06-06 07:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-06 06:33 - 2012-06-06 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{76562556-9009-4941-A91A-8A4B2B27827C}
2012-06-06 06:33 - 2012-06-06 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{584CE985-3DA3-432E-A026-AFE573F2C96B}
2012-06-05 23:04 - 2012-06-05 23:04 - 00000400 ____A C:\Windows\SysWOW64\mprdin.ocx
2012-06-05 23:03 - 2012-06-05 23:03 - 01958912 ____A C:\Windows\SysWOW64\mprdin.dll
2012-06-05 05:59 - 2012-06-05 05:59 - 00000000 ____D C:\Users\Vadim\AppData\Local\{44EE7664-D441-463F-A4AB-1E47A6D85B60}
2012-06-05 05:59 - 2012-06-05 05:59 - 00000000 ____D C:\Users\Vadim\AppData\Local\{08423048-A2EC-47C1-9366-87B42E7ACD0F}
2012-06-05 02:15 - 2012-06-05 02:15 - 00000000 ____D C:\Users\Vadim\AppData\Local\{59D0E47A-8049-496E-99CF-8941C6595945}
2012-06-04 07:49 - 2011-10-15 23:50 - 00111224 ____A C:\Users\Vadim\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-04 07:49 - 2011-10-15 11:54 - 00000000 ____D C:\Users\Vadim\AppData\Local\Windows Live Writer
2012-06-04 01:19 - 2012-06-04 01:19 - 00000000 ____D C:\Users\Vadim\AppData\Local\{65033008-57D4-4952-9B41-9398EFD83873}
2012-06-04 01:19 - 2012-06-04 01:18 - 00000000 ____D C:\Users\Vadim\AppData\Local\{48E85986-CA41-4219-AE3A-E5A3FEF15703}
2012-06-03 02:26 - 2012-06-03 02:26 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3C632132-18F6-49F7-8C2A-671395B6D3E0}
2012-06-03 02:26 - 2012-06-03 02:25 - 00000000 ____D C:\Users\Vadim\AppData\Local\{D7D3249C-52F4-4D92-8EFF-528479192480}
2012-06-02 13:12 - 2011-10-15 13:35 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Skype
2012-06-02 06:54 - 2012-06-02 06:53 - 00000000 ____D C:\Users\Vadim\AppData\Local\{4ABE18D7-E608-4E4E-9CBC-AA5AEC07198F}
2012-06-02 06:53 - 2012-06-02 06:53 - 00000000 ____D C:\Users\Vadim\AppData\Local\{41DB8CA4-3027-4EC4-BC95-3A1285F30984}
2012-06-02 03:31 - 2012-06-02 03:31 - 00000000 ____D C:\Users\Vadim\AppData\Local\{B2AFE98F-C872-41A5-A3C2-D1B743E2BF6F}
2012-06-01 04:10 - 2012-06-01 04:05 - 00000000 ____D C:\GEXn-Backup
2012-06-01 04:05 - 2011-10-15 12:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-06-01 03:15 - 2012-06-01 03:13 - 00000000 ____D C:\Users\Vadim\Desktop\GEX Europe 2.0
2012-06-01 03:09 - 2012-06-01 03:09 - 00000000 ____D C:\Users\Vadim\AppData\Local\{C6A650F6-B710-41F1-99AE-F7196C69E268}
2012-06-01 03:09 - 2012-06-01 03:08 - 00000000 ____D C:\Users\Vadim\AppData\Local\{747E07DD-0C9F-4FF8-9B08-2C15B6A87363}
2012-06-01 03:03 - 2012-06-01 03:02 - 00000000 ____D C:\Users\Vadim\Desktop\Fsx Add-ons
2012-06-01 03:00 - 2009-07-13 21:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-31 01:38 - 2012-05-31 01:38 - 00000000 ____D C:\Users\Vadim\AppData\Local\{EF9B907D-6DD1-4BDC-A75A-1B20CFC9BFB3}
2012-05-31 01:37 - 2012-05-31 01:37 - 00000000 ____D C:\Users\Vadim\AppData\Local\{8AC6F831-545B-4015-BE26-399DD0FDA88B}
2012-05-31 01:34 - 2010-11-20 19:47 - 00052642 ____A C:\Windows\PFRO.log
2012-05-30 06:34 - 2012-05-30 06:29 - 00000000 ____D C:\Users\Public\Documents\Saitek SD6 Profiles
2012-05-30 06:26 - 2012-05-30 06:26 - 00000000 ____D C:\Users\All Users\Saitek
2012-05-30 06:26 - 2009-07-13 19:20 - 00000000 ___HD C:\ProgramData
2012-05-30 06:25 - 2012-05-30 06:25 - 00000000 ____D C:\Program Files\Saitek
2012-05-30 06:19 - 2012-05-30 06:19 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\InstallShield
2012-05-30 05:42 - 2012-05-30 05:42 - 00000000 ____D C:\Users\Vadim\AppData\Local\{F5230B93-698E-427E-8438-E051B9919065}
2012-05-30 05:42 - 2012-05-30 05:42 - 00000000 ____D C:\Users\Vadim\AppData\Local\{1C147706-D119-4718-88BB-80881E16B2F4}
2012-05-29 03:36 - 2012-05-29 03:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{14C16B67-2B2D-4664-AECF-3F72116C89E6}
2012-05-29 03:36 - 2012-05-29 03:35 - 00000000 ____D C:\Users\Vadim\AppData\Local\{2B7671BF-4FD7-430E-A938-D585D5D20F13}
2012-05-28 01:16 - 2012-05-28 01:16 - 00000000 ____D C:\Users\Vadim\AppData\Local\{46CA8A63-C145-41AA-8D0C-D1A651DA58B4}
2012-05-28 01:16 - 2012-05-28 01:16 - 00000000 ____D C:\Users\Vadim\AppData\Local\{0A2257AB-3D60-4429-AB09-51BDAE7A3E75}
2012-05-28 01:16 - 2012-05-28 01:15 - 00000000 ____D C:\Users\Vadim\AppData\Local\{5D058763-272F-43B3-BFD1-75C2A85B9987}
2012-05-27 13:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-05-27 08:07 - 2011-10-23 12:35 - 00000000 ____D C:\Users\All Users\Adobe
2012-05-27 08:06 - 2011-10-23 12:35 - 00000000 ____D C:\Users\Vadim\AppData\Local\Adobe
2012-05-27 08:06 - 2011-10-15 10:30 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Adobe
2012-05-27 06:33 - 2012-05-27 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3B4EB2A7-068A-44CB-B7F4-B9E0528C379F}
2012-05-27 06:33 - 2012-05-27 06:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{302E94BC-0379-4231-BDD0-B5C954971F5C}
2012-05-26 08:36 - 2012-05-26 08:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{9D4FA9BE-5408-4E7E-B578-B9A07FF9E5BA}
2012-05-26 08:36 - 2012-05-26 08:36 - 00000000 ____D C:\Users\Vadim\AppData\Local\{93C4AB5C-EF80-4994-B8C5-12C1AD8D242F}
2012-05-23 09:27 - 2012-05-23 09:27 - 00000000 ____D C:\Users\Vadim\AppData\Local\{50F86471-7630-49E5-A1DD-8D9875F97B5E}
2012-05-23 09:27 - 2012-05-23 09:27 - 00000000 ____D C:\Users\Vadim\AppData\Local\{480DF89F-442A-4C44-831D-FCB4C9E06C8B}
2012-05-21 08:22 - 2011-10-15 11:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-21 08:13 - 2012-05-21 08:13 - 00000000 ____D C:\Users\Vadim\AppData\Local\{E22E8107-2310-4715-9083-311FE833C639}
2012-05-21 08:13 - 2012-05-21 08:13 - 00000000 ____D C:\Users\Vadim\AppData\Local\{384CFCAD-F354-49D5-9E72-6444905D2C51}
2012-05-17 18:47 - 2012-06-17 09:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-17 09:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-17 09:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-17 09:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-17 09:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-17 09:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-17 09:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-17 09:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-17 09:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-17 09:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-17 09:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-17 09:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-17 09:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-17 09:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-17 09:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-17 09:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-17 09:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-17 09:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-17 09:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-17 09:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-17 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-17 09:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-17 09:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-17 09:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-17 09:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-17 09:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-17 09:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-17 09:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 06:09 - 2012-05-17 06:09 - 00000000 ____D C:\Users\Vadim\AppData\Local\{A1D2EE3E-D52A-4BD4-8A20-C7279907C9B1}
2012-05-17 06:09 - 2012-05-17 06:08 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7DC11C36-F219-4118-BD90-826C8D34F9C5}
2012-05-16 11:23 - 2012-05-16 11:22 - 00000000 ____D C:\Users\Vadim\AppData\Local\Facebook
2012-05-16 03:49 - 2012-05-16 03:49 - 00000000 ____D C:\Users\Vadim\AppData\Local\{B933533D-FB71-4FC2-BC37-500F2FA3F573}
2012-05-16 03:49 - 2012-05-16 03:49 - 00000000 ____D C:\Users\Vadim\AppData\Local\{ADE70B16-D950-41AD-B10D-AA2DABB76AD3}
2012-05-15 10:20 - 2012-05-15 10:20 - 00000000 ____D C:\Users\Vadim\AppData\Local\{65CE2379-79F0-4366-94A1-41190439A08A}
2012-05-15 10:20 - 2012-05-15 10:19 - 00000000 ____D C:\Users\Vadim\AppData\Local\{8EDCB01A-5CE8-4D51-903A-AB91D5ADABE2}
2012-05-14 17:32 - 2012-06-17 09:15 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 06:14 - 2012-05-14 06:14 - 00000000 ____D C:\Users\Vadim\AppData\Local\{A7FE15E9-D3C0-46E2-998D-A061C782E03D}
2012-05-14 06:14 - 2012-05-14 06:14 - 00000000 ____D C:\Users\Vadim\AppData\Local\{092D12EC-355A-4050-92F3-F61EDEC67FC2}
2012-05-14 03:38 - 2011-10-15 11:54 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-14 03:35 - 2012-05-14 03:34 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-14 03:34 - 2012-05-14 03:34 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-13 01:28 - 2011-10-15 11:56 - 00000000 ____D C:\Program Files (x86)\JDownloader
2012-05-13 00:55 - 2012-05-13 00:55 - 00000000 ____D C:\Users\Vadim\AppData\Local\{02FC73C7-0EB9-4A65-ADB5-7774A4F34BA4}
2012-05-13 00:55 - 2012-05-13 00:54 - 00000000 ____D C:\Users\Vadim\AppData\Local\{8ABDBAA4-9494-40A8-B849-F46C5BACEB66}
2012-05-12 16:49 - 2011-10-15 10:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 13:35 - 2010-11-20 23:16 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-12 05:57 - 2012-05-12 05:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{4E69222C-999B-4470-AFD4-01F08D0C6C9A}
2012-05-12 05:57 - 2012-05-12 05:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{0F7433D3-57F2-448A-BECE-EC69897E9E3D}
2012-05-04 03:06 - 2012-06-17 09:15 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-17 09:15 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-17 09:15 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 06:18 - 2012-05-03 06:18 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3BA02FA6-361E-48B1-B5D0-4C533CF54465}
2012-05-03 06:18 - 2012-05-03 06:18 - 00000000 ____D C:\Users\Vadim\AppData\Local\{0D4B1BF4-49F9-44D4-B85E-B598E3633CD6}
2012-04-30 21:40 - 2012-06-17 09:15 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 01:52 - 2012-04-30 01:52 - 00000000 ____D C:\Windows\el
2012-04-30 01:51 - 2012-04-30 01:51 - 00000000 ____D C:\Windows\en
2012-04-30 01:49 - 2012-04-30 01:49 - 00000000 ____D C:\Program Files\Windows Live
2012-04-30 01:49 - 2011-10-15 10:49 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-04-30 01:45 - 2012-04-30 01:45 - 00000000 ____D C:\Users\Vadim\AppData\Local\{D9AC0B6C-BE9A-4ED5-8152-DDE4B627DA0E}
2012-04-30 01:45 - 2012-04-30 01:45 - 00000000 ____D C:\Users\Vadim\AppData\Local\{18E78E1C-4CF2-4F0B-8CF3-08287A54A512}
2012-04-30 01:45 - 2012-04-30 01:44 - 00000000 ____D C:\Users\Vadim\AppData\Local\{3DE69062-6CA1-4D03-8181-9E67B75D9670}
2012-04-30 01:44 - 2012-04-30 01:44 - 00000000 ____D C:\Users\Vadim\AppData\Local\{46D3339E-8D09-4884-961D-F26121E3BC11}
2012-04-28 18:39 - 2012-04-28 18:39 - 00000000 ____D C:\Users\Vadim\AppData\Local\{F85C6F6A-800D-40F1-B59C-B89F9E9DD28E}
2012-04-28 18:39 - 2012-04-28 18:39 - 00000000 ____D C:\Users\Vadim\AppData\Local\{189F6A89-D391-46C8-843A-8C5E658C005B}
2012-04-28 10:01 - 2012-04-28 10:01 - 00000000 ____D C:\Users\Vadim\AppData\Local\{577EC296-7ACA-4A91-8CD3-97D0396734BC}
2012-04-28 10:01 - 2012-04-28 10:01 - 00000000 ____D C:\Users\Vadim\AppData\Local\{33603BF0-D872-4A54-BCFE-54BC8E680728}
2012-04-27 21:32 - 2012-06-17 09:15 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:55 - 2012-06-17 09:15 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-17 09:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-17 09:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-17 09:15 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-17 09:15 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-17 09:15 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-17 09:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-17 09:15 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-17 09:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-17 09:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 08:04 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-19 05:47 - 2012-04-19 05:47 - 00000000 ____D C:\Users\Vadim\AppData\Local\{957C8FCE-99CE-432C-9DC9-5C3670012883}
2012-04-07 04:31 - 2012-06-17 09:15 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-17 09:15 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 00:26 - 2012-04-06 00:26 - 00000000 ____D C:\Fraps
2012-04-05 23:30 - 2012-04-05 23:30 - 00000000 ____D C:\Users\Vadim\Documents\Games for Windows - LIVE Demos
2012-04-05 23:02 - 2012-04-05 23:02 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-04-05 23:02 - 2011-10-15 11:25 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-05 23:02 - 2011-10-15 11:25 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-05 23:02 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-04-05 23:01 - 2011-10-25 03:45 - 00000000 ____D C:\NVIDIA
2012-04-04 03:43 - 2012-04-04 03:43 - 00000000 ____D C:\Users\Vadim\AppData\Local\{DE23D538-02C8-47FB-821D-DAE2C6933710}
2012-04-03 08:46 - 2012-04-02 07:56 - 00483461 ____A C:\Users\Vadim\Desktop\??e??? p???ap?as?asµ?? t??a?taf??????.docx
2012-04-03 02:22 - 2012-04-03 02:21 - 00000000 ____D C:\Users\Vadim\AppData\Local\{14CF0A68-AA5C-458B-BD9A-249A538695C6}
2012-04-02 07:57 - 2012-04-02 07:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{EF4CA32C-784A-447D-BCBF-FAD408EA287A}
2012-04-02 07:56 - 2012-04-02 07:55 - 00445114 ____A C:\Users\Vadim\Desktop\???f?sd?fsf.docx
2012-04-02 05:30 - 2012-04-02 05:30 - 00424392 ____A C:\Users\Vadim\Desktop\?.docx
2012-04-01 06:01 - 2012-03-22 03:31 - 00691896 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2012-04-01 05:33 - 2012-04-01 05:33 - 00000000 ____D C:\Users\Vadim\AppData\Local\{75A9ADD4-078A-4B66-920A-0C891B37024A}
2012-03-30 03:35 - 2012-05-12 06:23 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 09:54 - 2012-03-29 09:51 - 00000000 ____D C:\Users\Vadim\Documents\ShipSimExtremes Userdata
2012-03-29 09:51 - 2012-03-29 09:51 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Quest3D
2012-03-29 09:20 - 2012-03-29 09:20 - 00000000 ____D C:\Users\Vadim\AppData\Local\{CEF214A3-1C82-4943-B1DE-1198913BAFBB}
2012-03-27 11:00 - 2012-03-27 11:00 - 00000000 ____D C:\Users\Vadim\AppData\Local\{D120BE90-6274-40C1-B38F-5190C48DA6C1}
2012-03-27 11:00 - 2012-03-27 11:00 - 00000000 ____D C:\Users\Vadim\AppData\Local\{714371B4-448D-41B9-B1CC-DEE6032D5859}
2012-03-27 05:56 - 2011-10-15 11:10 - 00000000 ____D C:\Users\Vadim\Documents\??f???ta a??e?a
2012-03-26 00:47 - 2012-03-26 00:46 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7C0E3CE7-601A-487C-A465-9F3BD83F6F1C}
2012-03-26 00:46 - 2012-03-26 00:46 - 00000000 ____D C:\Users\Vadim\AppData\Local\{C99DCA4F-4719-4140-AB07-DB74401DBE1C}
2012-03-24 11:55 - 2011-10-16 01:11 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Tunngle
2012-03-24 10:50 - 2011-10-16 01:11 - 00000000 ____D C:\Users\All Users\Tunngle
2012-03-24 02:25 - 2012-03-24 02:24 - 00000000 ____D C:\Users\Vadim\AppData\Local\{4C5354CB-15AD-4D17-99BB-1491933BDB4B}
2012-03-24 02:24 - 2012-03-24 02:24 - 00000000 ____D C:\Users\Vadim\AppData\Local\{CB769A2D-D274-454A-86EC-676BF89E2A7F}
2012-03-23 11:41 - 2012-03-23 11:40 - 00000000 ____D C:\Users\Vadim\AppData\Local\{7BB1D996-68DD-4C1E-8683-0BCE63AAC626}
2012-03-23 11:40 - 2012-03-23 11:40 - 00000000 ____D C:\Users\Vadim\AppData\Local\{C923B416-9131-4EC0-BF56-6687C0528E9E}
2012-03-22 23:43 - 2012-03-22 23:43 - 00000000 ____D C:\Users\Vadim\AppData\Local\2K Games
2012-03-22 23:39 - 2012-03-22 23:39 - 00000000 ____D C:\Users\Vadim\AppData\Local\{8AAD0110-CFF3-4BB6-BF0F-D995BA32E5AC}
2012-03-22 23:39 - 2012-03-22 23:39 - 00000000 ____D C:\Users\Vadim\AppData\Local\{73270C0C-C97B-47D3-879F-CD7DCCD19414}
2012-03-22 11:01 - 2011-10-29 10:08 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-03-22 07:33 - 2012-03-22 07:33 - 00000000 ____D C:\Users\All Users\BDLogging
2012-03-22 04:07 - 2012-03-22 04:07 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Xilisoft
2012-03-22 04:06 - 2009-07-13 18:34 - 00001084 ____A C:\Windows\System32\Drivers\etc\hosts
2012-03-22 04:05 - 2012-03-22 04:05 - 00726016 ____A (Igor Pavlov) C:\Windows\SysWOW64\7z.dll
2012-03-22 04:05 - 2012-03-22 04:05 - 00000000 ____D C:\Users\All Users\Xilisoft
2012-03-22 04:05 - 2012-03-22 04:05 - 00000000 ____D C:\Program Files (x86)\Xilisoft
2012-03-22 03:37 - 2011-10-16 09:47 - 00414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-22 03:31 - 2012-03-22 03:31 - 00079952 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2012-03-22 03:30 - 2011-09-01 00:15 - 00545064 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2012-03-22 03:24 - 2012-03-22 03:24 - 00000000 ____D C:\Users\Vadim\AppData\Local\{E068BE5B-C9A7-4E9D-BDF3-A296AEE5F6AD}
2012-03-22 03:24 - 2012-03-22 03:24 - 00000000 ____D C:\Users\Vadim\AppData\Local\{41955744-F79E-4033-87E2-D332F4A188C7}
2012-03-22 03:16 - 2012-03-22 03:16 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-03-22 02:18 - 2012-03-22 02:18 - 00000000 ____D C:\Users\Vadim\AppData\Local\Logitech® Webcam Software
2012-03-22 02:15 - 2012-03-22 02:15 - 00000000 ____D C:\Users\All Users\LogiShrd
2012-03-22 02:14 - 2012-03-22 02:14 - 00000000 ____D C:\Users\Vadim\AppData\Roaming\Leadertech
2012-03-22 02:14 - 2012-03-22 02:13 - 00004168 ____A C:\Windows\LDPINST.LOG
2012-03-22 02:14 - 2012-03-22 02:13 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-03-22 02:14 - 2012-03-21 06:08 - 00011486 ____A C:\Windows\System32\lvcoinst.log
2012-03-22 02:14 - 2012-03-21 06:08 - 00000000 ____D C:\Program Files\Common Files\logishrd
2012-03-22 02:13 - 2012-03-22 02:13 - 00000000 ____D C:\Users\All Users\Logitech
2012-03-21 08:20 - 2012-03-21 08:20 - 00000000 __SHD C:\Users\All Users\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-21 08:19 - 2012-03-21 08:19 - 00000000 ____D C:\Users\Vadim\Desktop\Xilisoft Video Converter Ultimate 7.1.0.20120222
2012-03-21 08:19 - 2012-03-21 08:18 - 00000000 ____D C:\Users\Vadim\Desktop\Tune Up Utilities 2012
2012-03-21 06:04 - 2011-10-15 13:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-03-21 06:04 - 2011-10-15 12:38 - 00000000 ____D C:\Users\All Users\Skype
2012-03-21 06:02 - 2012-03-21 06:02 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-03-21 06:02 - 2012-03-21 06:02 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-03-21 06:02 - 2012-03-21 06:02 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-03-21 06:02 - 2012-03-21 06:02 - 00000000 ____D C:\Program Files (x86)\Java
2012-03-21 06:02 - 2011-10-16 01:10 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-03-21 06:02 - 2011-10-15 11:58 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-03-21 05:58 - 2012-03-21 05:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{823ABFF7-F0A1-43F0-A348-322C4055EA2D}
2012-03-21 05:57 - 2012-03-21 05:57 - 00000000 ____D C:\Users\Vadim\AppData\Local\{27C95E16-6432-48EE-B306-BF44A4599A40}
2012-03-21 05:51 - 2012-03-21 05:51 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-03-21 05:50 - 2012-03-21 05:50 - 00000010 ____A C:\Windows\GSetup.ini
2012-03-21 05:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF

ZeroAccess:
C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}
C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\@
C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\L
C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\n
C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\U

ZeroAccess:
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\@
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\L
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4079.12 MB
Available physical RAM: 3502.51 MB
Total Pagefile: 4077.32 MB
Available Pagefile: 3486.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:4.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (???e?a) (Fixed) (Total:596.17 GB) (Free:365.81 GB) NTFS
5 Drive g: (FOTINI) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 Online 232 GB 8 MB *
Disk 2 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D ΰ??ξ?ΰ NTFS Partition 596 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 232 GB 31 KB
Partition 2 Dynamic Data 8 MB 232 GB

======================================================================================================

Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Simple 232 GB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 31 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FOTINI FAT32 Removable 1967 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-09 04:42

======================= End Of Log ==========================

#3 tutankhamon

tutankhamon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 18 June 2012 - 06:44 AM

Plus "services.exe" if helpful :) Thank you in advance, whoever helps me!

Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-18 14:29:21
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:30 PM

Posted 18 June 2012 - 08:37 AM

Hi tutankhamon,


:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

 

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Let me look over your logs and I'll get back to you shortly.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 tutankhamon

tutankhamon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 18 June 2012 - 08:46 AM

Hi Jason

Thank you for your quick response to my problem... I hope I won't have to format :)

Looking forward to a possible solution.

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:30 PM

Posted 18 June 2012 - 08:59 AM

tutankhamon,

Including the services.exe search was very helpful, because I would have asked for it anyway! :)

Please open Notepad, and copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. If you can't do this on the infected computer, you can do it on a clean computer. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}
3 gdrv; \??\C:\Windows\gdrv.sys
3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys
NETSVCx32: Mcx2Svc -> C:\Windows\SysWOW64\Mcx2Svc.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Please enter System Recovery Options, as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Regards,
Jason

 

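The two FRST verdicts this thread turns on, the `MD5 is legit` lines in the Bamital & volsnap check of post #2 and the `Replace:` directive in the fixlist above that copies the WinSxS component-store copy over the tampered `services.exe`, rest on one idea: Windows keeps a pristine reference copy of each system binary in the component store, so the live binary can be hashed and compared against it. As an added example that is not FRST's or Farbar's own code, the Python below parses the `Search: "services.exe"` output from post #3 (paths and MD5s are the thread's own, embedded as a sample) and grades each live copy against its WinSxS counterpart, flagging the telling case where the hash differs while size and timestamps are unchanged, which is what an in-place patch of a binary looks like; it also recognises the GUID-named directory layout (`@`, `L`, `n`, `U`) that FRST listed under its `ZeroAccess:` heading. The regular expressions and status names are this example's own assumptions about FRST's output format, not something FRST documents.

```python
"""Compare a live Windows system binary against its WinSxS component-store
copy, the way FRST's "MD5 is legit" check and its Replace: directive do.
Added example, not FRST's own code. The sample text below is copied from
this thread; the regular expressions are assumptions about FRST's layout."""
import re

# FRST search output copied from post #3 (paths and MD5s are the thread's own).
FRST_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Directory entries FRST listed under "ZeroAccess:" in the first log of this thread.
ZEROACCESS_PATHS = [
    r"C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}",
    r"C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\@",
    r"C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\L",
    r"C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\n",
    r"C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d}\U",
    r"C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}",
    r"C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\@",
    r"C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\L",
    r"C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d}\U",
]

# One FRST search hit (assumed layout): a path line followed by
# "[created] - [modified] - size attrs (company) MD5".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})[ \t]*$",
    re.MULTILINE,
)

# A GUID-named directory with one of the single-character leaves FRST listed.
GUID_LEAF_RE = re.compile(
    r"^(?P<base>.*\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})"
    r"\\(?P<leaf>[@LnU])$",
    re.IGNORECASE,
)


def parse_search(text):
    """Return one dict (path, created, modified, size, attrs, company, md5) per file FRST found."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def compare_with_winsxs(entries):
    """Grade every non-WinSxS copy of a file against the WinSxS copy of the same name.

    Status values (this example's own): "ok" (hashes agree), "mismatch" (hash
    differs), "mismatch-same-metadata" (hash differs but size and timestamps are
    identical, the signature of a binary patched in place), and "no-reference"
    (no WinSxS copy was found to compare against)."""
    by_name = {}
    for e in entries:
        by_name.setdefault(e["path"].rsplit("\\", 1)[-1].lower(), []).append(e)
    report = []
    for items in by_name.values():
        refs = [e for e in items if "\\winsxs\\" in e["path"].lower()]
        for e in items:
            if e in refs:
                continue
            if not refs:
                report.append({"path": e["path"], "status": "no-reference"})
                continue
            ref = refs[0]
            if e["md5"].upper() == ref["md5"].upper():
                status = "ok"
            elif (e["size"], e["created"], e["modified"]) == (ref["size"], ref["created"], ref["modified"]):
                status = "mismatch-same-metadata"
            else:
                status = "mismatch"
            report.append({"path": e["path"], "status": status, "reference": ref["path"]})
    return report


def find_zeroaccess_layout(paths):
    """Return the GUID-named directories holding both an "@" and a "U" entry,
    the layout FRST reported under its ZeroAccess heading, sorted by path."""
    leaves = {}
    for p in paths:
        m = GUID_LEAF_RE.match(p)
        if m:
            leaves.setdefault(m.group("base"), set()).add(m.group("leaf").upper() if m.group("leaf") != "@" else "@")
    return sorted(base for base, found in leaves.items() if {"@", "U"} <= found)


if __name__ == "__main__":
    for row in compare_with_winsxs(parse_search(FRST_SEARCH)):
        print(row["status"], row["path"])
    for d in find_zeroaccess_layout(ZEROACCESS_PATHS):
        print("ZeroAccess layout:", d)
```

Run against the thread's own data it reports `mismatch-same-metadata` for `C:\Windows\System32\services.exe`, which is exactly why the fixlist restores the file from the WinSxS path rather than from the live copy: the size and timestamps give no hint that anything changed, only the hash does. The same comparison can be pointed at any other binary FRST reports with two copies.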


#7 tutankhamon

tutankhamon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 18 June 2012 - 09:06 AM

I'm glad services.exe was there then...

Here are the results of the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-18 17:03:42 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{5d04a224-65f0-722b-c10e-35d2efedea4d} moved successfully.
C:\Users\Vadim\AppData\Local\{5d04a224-65f0-722b-c10e-35d2efedea4d} moved successfully.
gdrv service deleted successfully.
netr28x service deleted successfully.
TfFsMon service deleted successfully.
TfNetMon service deleted successfully.
TFSysMon service deleted successfully.
VGPU service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Mcx2Svc Deleted successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

I didn't try to start the PC again; I just shut it down until you tell me what to do.

#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:30 PM

Posted 18 June 2012 - 09:10 AM

tutankhamon,

Go ahead and start your computer normally. We've gotten rid of most of the infection.

:step1: Combofix

Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

:step2: FSS
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


In your next reply, please include:
  • Combofix log
  • FSS log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason

 



#9 tutankhamon

tutankhamon
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 18 June 2012 - 10:06 AM

Combofix log:


ComboFix 12-06-16.02 - Vadim 18/06/2012 17:37:30.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1253.30.1033.18.4079.2449 [GMT 3:00]
Running from: i:\λήψεις\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1318715593.bdinstall.bin
c:\programdata\1319366135.bdinstall.bin
c:\programdata\1319397867.1472.bin
c:\programdata\1319397867.1488.bin
c:\programdata\1319397867.1624.bin
c:\programdata\1319397867.2608.bin
c:\programdata\1319397867.3836.bin
c:\programdata\1319397867.4692.bin
c:\programdata\1319397867.4708.bin
c:\programdata\1319397867.5384.bin
c:\programdata\1319397867.5848.bin
c:\programdata\1319398524.bdinstall.bin
c:\programdata\1340029440.bdinstall.bin
c:\users\Vadim\AppData\Roaming\Roaming
c:\users\Vadim\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\SysWow64\tmp3755.tmp
c:\windows\SysWow64\tmp3766.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 21:50 . 2012-06-18 21:51 -------- d-----w- C:\FRST
2012-06-18 14:33 . 2012-06-18 14:33 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-18 14:27 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547A8B67-5787-4938-A505-EFBA21711D78}\mpengine.dll
2012-06-18 14:25 . 2012-06-18 14:25 -------- d-----w- c:\program files\Bitdefender
2012-06-18 11:26 . 2012-06-18 11:26 -------- d-----w- c:\users\Vadim\AppData\Roaming\Malwarebytes
2012-06-18 11:26 . 2012-06-18 11:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 11:26 . 2012-06-18 11:26 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 11:26 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-18 10:10 . 2012-06-18 10:10 0 ----a-w- c:\windows\system32\bdaDD20.tmp
2012-06-18 09:57 . 2012-06-18 09:57 34080 ----a-w- c:\windows\system32\bdaDF33.tmp
2012-06-18 09:42 . 2012-06-18 09:41 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0579629A-FF7C-43C0-8735-9F9298254DF9}\gapaengine.dll
2012-06-18 09:41 . 2012-05-08 07:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6070718-779E-4BB3-8914-4C47114A4339}\mpengine.dll
2012-06-18 09:40 . 2012-06-18 09:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-18 09:39 . 2012-06-18 09:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-17 17:15 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 13:42 . 2012-06-13 13:49 -------- d-----w- c:\program files (x86)\Real Environment Xtreme Essential
2012-06-06 15:17 . 2012-06-06 15:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-06 07:03 . 2012-06-06 07:03 1958912 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-06-01 12:05 . 2012-06-01 12:10 -------- d-----w- C:\GEXn-Backup
2012-06-01 11:39 . 2012-06-01 11:44 514517 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\UninstalEurope.exe
2012-05-30 14:32 . 2011-09-08 20:51 28672 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Aerosoft\Corfu X\scenery\Corfu X Manager.exe
2012-05-30 14:31 . 2011-09-14 06:22 552448 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Aerosoft\Corfu X\Corfu X Manager.exe
2012-05-30 14:26 . 2012-05-30 14:26 -------- d-----w- c:\programdata\Saitek
2012-05-30 14:25 . 2012-05-30 14:25 -------- d-----w- c:\program files\Saitek
2012-05-30 14:24 . 2008-10-22 08:40 69160 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft F-16C Clean\Panel\SCControl.dll
2012-05-30 14:24 . 2008-10-22 08:40 69160 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft F-16A 9\Panel\SCControl.dll
2012-05-30 14:19 . 2012-05-30 14:19 -------- d-----w- c:\users\Vadim\AppData\Roaming\InstallShield
2012-05-30 13:31 . 2010-09-02 15:13 108544 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 CFM\Panel\ASC.DLL
2012-05-30 13:31 . 2010-08-27 07:42 134696 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 CFM\Panel\ASFADEC.dll
2012-05-30 13:31 . 2010-09-02 15:13 108544 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 IAE\Panel\ASC.DLL
2012-05-30 13:31 . 2010-08-27 07:42 134696 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 IAE\Panel\ASFADEC.dll
2012-05-30 13:30 . 2010-09-02 15:13 108544 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 IAE\Panel\ASC.DLL
2012-05-30 13:30 . 2010-09-02 15:13 108544 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 CFM\Panel\ASC.DLL
2012-05-30 13:30 . 2010-08-27 07:42 134696 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 IAE\Panel\ASFADEC.dll
2012-05-30 13:30 . 2010-08-27 07:42 134696 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 CFM\Panel\ASFADEC.dll
2012-05-30 13:30 . 2010-09-13 12:42 221184 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Aerosoft\Airbus X\AirbusXConnect.exe
2012-05-27 15:18 . 2012-05-27 16:00 854904 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unins000.exe
2012-05-26 16:05 . 2010-09-02 03:00 254504 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Modules\GPSModule.dll
2012-05-26 15:55 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10B\Panel\ASC.dll
2012-05-26 15:55 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - TRAINING MARINE\Panel\ASC.dll
2012-05-26 15:55 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - TRAINING AIRFORCE\Panel\ASC.dll
2012-05-26 15:54 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - LONG RANGE FERRY\Panel\ASC.dll
2012-05-26 15:54 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - FAC\Panel\ASC.dll
2012-05-26 15:54 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - CLEAN\Panel\ASC.dll
2012-05-26 15:54 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10A - CAS\Panel\ASC.dll
2012-05-26 15:54 . 2011-12-26 16:18 104960 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft OV-10 CDF\Panel\ASC.dll
2012-05-26 15:54 . 2012-05-26 15:54 122005 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\VistaMare\ViMaCoreXUninstall.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 11:35 . 2012-05-14 11:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-30 11:35 . 2012-05-12 14:23 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 12:05 . 2012-03-22 12:05 726016 ----a-w- c:\windows\SysWow64\7z.dll
2012-03-22 11:37 . 2011-10-16 17:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-22 11:30 . 2011-09-01 08:15 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-03-22 10:14 . 2012-03-22 10:14 53248 ----a-r- c:\users\Vadim\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-21 14:02 . 2011-10-15 19:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-20 17:44 . 2012-03-20 17:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 17:44 . 2012-03-20 17:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-21 880496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Facebook Update"="c:\users\Vadim\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-05-16 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-0011-0000-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-21 302592]
"{90140000-001A-0409-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-21 302592]
"{90140000-001A-0408-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-21 302592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-11-08 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-08 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiH0461;SaiH0461;c:\windows\system32\DRIVERS\SaiH0461.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000Core.job
- c:\users\Vadim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 19:22]
.
2012-06-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000UA.job
- c:\users\Vadim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-16 19:22]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000Core.job
- c:\users\Vadim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 18:17]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2005625594-2423597577-296749431-1000UA.job
- c:\users\Vadim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-15 18:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Vadim\AppData\Local\Temp\00586AC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vcvIsaaxyAA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-2005625594-2423597577-296749431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2005625594-2423597577-296749431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2005625594-2423597577-296749431-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,8c,66,ec,7a,45,56,e4,6e,5a,30,df,61,df,3e,97,e4,42,c2,a0,f6,
b3,44,18,2e,91,4b,af,2d,23,cf,b7,2a,e8,c1,5c,14,9b,f6,68,e2,31,92,54,b9,56,\
"rkeysecu"=hex:23,fd,4a,45,62,d2,5a,ab,aa,cd,32,03,3e,71,5d,7c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
.
**************************************************************************
.
Completion time: 2012-06-18 17:50:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 14:50
.
Pre-Run: 1.284.984.832 bytes free
Post-Run: 2.880.208.896 bytes free
.
- - End Of File - - 0012858342B8A28337ADF3DA4CAF194B


FSS log:

Farbar Service Scanner Version: 09-06-2012
Ran by Vadim (administrator) on 18-06-2012 at 17:55:44
Running from "I:\Λήψεις"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-17 20:15] - [2012-04-24 08:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Jason,

When I started the computer it was still a bit slow, so I restarted it. The second time it was a lot better, but I didn't have internet; it said "no access to the internet" even though the router was fine. Then I ran ComboFix, and before the log was created the computer restarted. It was then that the firewall came back to life after a long time, as well as the internet, but it gave me the error "Illegal operation attempted on a registry key that has been marked for deletion," so I restarted the computer once again. In the end I executed FSS, and until now no problems, even though I'm not doing much right now.
Should I do anything else? I can't even start to thank you!!

P.S. In the log some words are Greek; that's why you might find it a bit weird.

Edited by tutankhamon, 18 June 2012 - 10:27 AM.
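Two entries in the logs above are the ones a responder would look at before anything else: the service `X6va005`, whose ImagePath points at a `.tmp` file under the user's own Temp folder, and the hidden, system-attributed directory literally named `%APPDATA%` under system32. The FSS File Check also prints cryptsvc.dll with its MD5 instead of "MD5 is legit", which only means that hash is not in FSS's whitelist (the file is dated 2012-04-24, consistent with a patched copy), not that the file is bad. The script below is an added example and is not ComboFix, Farbar or BleepingComputer code: it parses a constructed excerpt in the format of the two logs and returns such entries as review items. The rule set, the Temp-path patterns and the sample lines are assumptions made for illustration; a hit means "look at this", not "this is malware".

```python
"""Triage helper for the ComboFix and FSS log formats posted above.

Added example, not ComboFix, Farbar or BleepingComputer code. It parses a
constructed excerpt of those logs and returns the entries a responder would
look at first. Every rule and path pattern here is an assumption made for
illustration; a hit is a review item, not a verdict on the machine.
"""
import re

# Constructed excerpt in the format of the ComboFix and FSS logs above.
SAMPLE_LOG = r"""
2012-06-06 15:17 . 2012-06-06 15:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-06 07:03 . 2012-06-06 07:03 1958912 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-06-18 11:26 . 2012-04-04 12:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90140000-0011-0000-0000-0000000FF1CE}"="c:\windows\system32\cmd.exe" [2010-11-21 302592]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Vadim\AppData\Local\Temp\00586AC.tmp"
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-17 20:15] - [2012-04-24 08:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
"""

# ComboFix file listing: "created . modified size attrs path"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
# FSS "File Check": a bare path line means the hash missed FSS's whitelist;
# the detail line after it carries the embedded company name and the MD5.
FSS_PATH = re.compile(r"^[A-Za-z]:\\[^\s=]+$")
FSS_DETAIL = re.compile(
    r"^\[.*\] - \[.*\] - \d+ \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Assumed set of locations a service binary should not be loaded from.
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (rule, detail) pairs for lines worth a second look."""
    findings = []
    current_key = ""
    pending_path = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_path is not None:
            d, path = FSS_DETAIL.match(line), pending_path
            pending_path = None
            if d:
                # Not a verdict: a freshly patched system file also misses the
                # whitelist. Check the Authenticode signature before acting.
                findings.append(("unverified-hash", f"{path} {d.group('md5')}"))
                continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            low = path.lower()
            if "\\windows\\" in low:
                if "%" in low.rsplit("\\", 1)[-1]:
                    # An environment-variable name used literally as a folder
                    # name under the Windows directory.
                    findings.append(("env-name-literal", path))
                if attrs.startswith("d") and "s" in attrs and "h" in attrs:
                    findings.append(("hidden-system-dir", path))
            continue
        k = REG_KEY.match(line)
        if k:
            current_key = k.group("key")
            continue
        v = REG_VALUE.match(line)
        if v:
            name, data = v.group("name"), v.group("data")
            key_low = current_key.lower()
            if "\\services\\" in key_low and name.lower() == "imagepath":
                if TEMP_DIR.search(data) or data.lower().endswith(".tmp"):
                    findings.append(("service-from-temp", f"{current_key} -> {data}"))
            if key_low.endswith(("\\run", "\\runonce")) and data.lower().endswith("\\cmd.exe"):
                findings.append(("autorun-cmd", f"{current_key}\\{name} -> {data}"))
            continue
        if FSS_PATH.match(line):
            pending_path = line
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

Run as a script it prints the findings; `triage()` returns them as (rule, detail) pairs so the same checks can be run over a complete log. Whether a flagged entry is actually malicious still needs the file itself: check its digital signature and look up its hash before deleting anything, and treat the `.DEFAULT` RunOnce entries that call cmd.exe as something to verify against the Office installation rather than as a detection.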


#10 tutankhamon (Topic Starter)

Posted 18 June 2012 - 11:41 AM

Jason,

Should I proceed with a virus scan?

Thank you once again!

#11 jntkwx (Malware Response Team)

Posted 18 June 2012 - 12:11 PM

tutankhamon,

I'd like us to rerun Malwarebytes:

Open Malwarebytes, click on the Update tab, and click the check for Updates button.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.

#12 tutankhamon (Topic Starter)

Posted 19 June 2012 - 09:40 AM

Hi again Jason,

I did the scan and no obvious malware exists.

Here's the log file:


Malwarebytes Anti-Malware (Trial version) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vadim :: VADIM-PC [administrator]

Protection: Disabled

18/6/2012 8:29:17 PM
mbam-log-2012-06-18 (20-29-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 471941
Time elapsed: 1 hour(s), 10 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\Codemasters\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll (Trojan.Downloader.H) -> Quarantined and deleted successfully.
I:\Game Setups\Dirt 3\Dirt 3 Update 1\SKIDROW\paul.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
I:\Game Setups\Dirt 3\Dirt 3 Update 1\SKIDROW\SKIDROW.dll (Trojan.Downloader.H) -> Quarantined and deleted successfully.
I:\Program Setups\KeygenWinrar4_64bit\Keygen CORE\x64\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
I:\Program Setups\KeygenWinrar4_64bit\Keygen CORE\x86\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

(end)

#13 jntkwx (Malware Response Team)

Posted 19 June 2012 - 09:46 AM

tutankhamon,

You are correct, no malware exists.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


In your next reply, please include:
  • ESET log
  • How is your computer running now? Please be as descriptive as possible.

Edited by jntkwx, 21 June 2012 - 01:13 PM.

Regards,
Jason

 


#14 jntkwx (Malware Response Team)

Posted 21 June 2012 - 01:13 PM

tutankhamon,

It has been two days since my last post. Do you still need help?

If you do, please follow my previous instructions for running ESET.
Regards,
Jason

 


#15 jntkwx (Malware Response Team)

Posted 23 June 2012 - 08:14 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 
