Services.exe RootKit.0 Access (Kaspersky Alert) 800000cb.@


  • This topic is locked
2 replies to this topic

#1 methows

  • Members
  • 1 posts

Posted 25 June 2012 - 09:29 AM

Hi guys, my name is Carlos, I'm from Brazil.

I'm trying to remove the Rootkit.0 Access.

Logs:

Results of screen317's Security Check version 0.99.42
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.0
 Java(TM) 7 Update 4
 Java version out of Date!
 Adobe Reader X (10.1.3)
 Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.4.1
Run by Kakashi at 11:12:05 on 2012-06-25
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.55.1033.18.8089.5208 [GMT -3:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kakashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVNX33ZH\setup_11.0.0.1245.x01_2012_06_25_14_43.exe
C:\Users\Kakashi\AppData\Local\Temp\RarSFX0\1793494.exe
C:\Users\Kakashi\AppData\Local\Temp\8242496\1793494.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kakashi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T2UXYPZ\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\Kakashi\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Users\Kakashi\AppData\Local\Temp\RarSFX1\SecurityCheck\Objlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>] 
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\Kakashi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\Kakashi\AppData\Local\Temp\_uninst_75898040.bat
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1B1E11C9-3020-4B8A-BDAA-86A4FF69F6B7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DCD7164-11A3-4EAD-BC8F-3468C48394B3} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{E33CF602-D945-461A-83F0-819F76A199F8}
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(padrão)] 
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRunOnce-x64: [GrpConv] grpconv -o
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kakashi\AppData\Roaming\Mozilla\Firefox\Profiles\9m03crtb.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 75898040;75898040;C:\Windows\system32\DRIVERS\75898040.sys --> C:\Windows\system32\DRIVERS\75898040.sys [?]
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-3 586880]
R2 AVP;Serviço do Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2011-4-25 365336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-2 13592]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-2 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-2 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
RUnknown 1793494drv;1793494drv; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\system32\DRIVERS\ASUSstpt.sys --> C:\Windows\system32\DRIVERS\ASUSstpt.sys [?]
S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\system32\DRIVERS\ASUSumsc.sys --> C:\Windows\system32\DRIVERS\ASUSumsc.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\system32\Drivers\usbVM31b.sys --> C:\Windows\system32\Drivers\usbVM31b.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 12:28:29	460888	----a-w-	C:\Windows\System32\drivers\75898040.sys
2012-06-25 12:16:33	388608	----a-w-	C:\HijackThis.exe
2012-06-25 07:11:06	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{E463B540-08A5-43E6-986B-66E88109A9D6}
2012-06-25 07:10:57	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{0143E175-466C-4BF4-B14B-DDB95B3E6CF0}
2012-06-25 06:39:55	--------	d-----w-	C:\Program Files (x86)\Anvisoft
2012-06-25 05:44:44	--------	d-----w-	C:\Users\Kakashi\AppData\Roaming\Malwarebytes
2012-06-25 05:44:42	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-06-25 05:34:54	--------	d-----w-	C:\Users\Kakashi\AppData\Roaming\SpeedyPC Software
2012-06-25 05:34:54	--------	d-----w-	C:\Users\Kakashi\AppData\Roaming\DriverCure
2012-06-25 05:34:50	--------	d-----w-	C:\ProgramData\SpeedyPC Software
2012-06-25 05:34:50	--------	d-----w-	C:\Program Files (x86)\SpeedyPC Software
2012-06-25 05:21:25	2128472	----a-w-	C:\TDSSKiller.exe
2012-06-25 03:21:39	151952	----a-w-	C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2012-06-25 03:21:27	--------	d-----w-	C:\ProgramData\Kaspersky Lab
2012-06-25 03:21:27	--------	d-----w-	C:\Program Files (x86)\Kaspersky Lab
2012-06-23 03:39:01	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{38726257-AAA8-4231-90AA-C0A4B8693F2C}
2012-06-22 15:38:40	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{44A9301F-19C6-41B5-BC64-0AC193E8F944}
2012-06-22 04:03:51	--------	d-sh--w-	C:\Windows\System32\%APPDATA%
2012-06-22 03:38:17	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{CD74F6F3-FB08-4FF0-8143-D191DA8D0637}
2012-06-22 03:37:55	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{3C2EFACB-D9F4-4FF6-B3F7-7B346085685C}
2012-06-21 23:31:42	--------	d-----w-	C:\netlb
2012-06-21 15:37:33	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{39DC7EDE-F98E-444B-8242-F5733D273232}
2012-06-21 03:37:13	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{56EF8566-ECFA-450E-A8D8-0FE34B0314BE}
2012-06-21 03:37:03	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B00C8A66-CAC9-485A-A4BC-91BDC986F362}
2012-06-21 01:49:23	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-21 01:49:22	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-21 01:49:21	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-21 01:49:21	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-20 15:36:39	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9C5F0324-5BFD-46CD-A44C-53714B0F96CA}
2012-06-20 03:36:06	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{E1F8A395-6B1A-44FC-A2A0-5742F2254E5B}
2012-06-19 21:10:59	--------	d-----w-	C:\snmpcert
2012-06-19 15:35:44	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{7599DE88-C6DC-4D52-958D-E67211B84200}
2012-06-19 09:33:08	9013136	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12668755-FD6C-4E36-B07D-2308F64DF78A}\mpengine.dll
2012-06-19 03:35:19	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{562B78A4-D4C0-410D-A179-EEB5BFC23A93}
2012-06-19 03:35:09	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{4FAA7737-5A50-4397-BC4A-7E356CC1DCA0}
2012-06-18 15:34:47	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B8E84AB2-F213-4320-BB31-98F4F4BF20E7}
2012-06-18 03:34:36	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{D37D5C07-BB87-4B76-A88B-67F229C8280F}
2012-06-17 15:47:45	--------	d-----w-	C:\ProgramData\Blizzard Entertainment
2012-06-17 15:47:45	--------	d-----w-	C:\Program Files (x86)\Diablo III
2012-06-17 15:47:45	--------	d-----w-	C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-06-17 15:46:25	--------	d-----w-	C:\ProgramData\Battle.net
2012-06-17 15:34:13	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{596DE96C-CEE6-48B4-AD02-5CBF6414E747}
2012-06-16 18:52:30	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9385498B-F7FE-41A2-96EF-912D70722355}
2012-06-16 06:54:26	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{09C8CF6B-5E2B-474D-8C84-312E99CBEE74}
2012-06-15 18:54:04	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{DC0886A9-6C92-48EE-8032-9B3C75E9DF09}
2012-06-15 01:24:21	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{5BF2BCB3-0478-4343-9C73-18C9A13995AD}
2012-06-14 13:24:11	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{BD32ADF8-AE0A-4276-BD6F-5FD1B47FD271}
2012-06-14 13:24:01	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B8B0D91F-79CE-45C7-B548-F2D2AB2C032F}
2012-06-14 01:23:51	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B242D8DA-5EF5-4F03-81D9-E4D9B195EFB6}
2012-06-14 01:23:41	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{780172A9-CAC0-4292-8FCC-59F5C22AF2FF}
2012-06-13 13:23:18	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{6240443B-86AC-4B4E-81C3-D49D367C4227}
2012-06-13 13:23:08	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{5AC3B35F-6090-4720-847C-153875298137}
2012-06-13 01:43:05	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
2012-06-13 01:43:05	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-06-13 01:43:05	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-06-13 01:22:45	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{13E10463-010B-4004-8FEF-A429772DECA8}
2012-06-13 01:22:36	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{42158AA9-C78F-44B6-82D9-B9D80588095E}
2012-06-12 13:22:25	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{DB1A2C4B-8AE7-4451-87BD-A9D1C7D9BFAE}
2012-06-12 01:22:05	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B594622B-6DDA-4E0A-8EFE-71D2180E6A47}
2012-06-11 13:21:44	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{FD217E6F-E01A-4965-BDAF-F325F9F80AE7}
2012-06-11 01:21:24	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{7A2D94AD-02E6-4015-8A9F-D0D6570A1F02}
2012-06-11 01:21:14	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{1A2D145B-9162-4A07-A546-E0B6389527C5}
2012-06-10 13:20:51	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{34E80425-1A89-42BA-975C-6E802324B8C7}
2012-06-10 13:20:41	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{3FB098EA-A965-4E75-8004-507ECB86E8F7}
2012-06-10 01:20:31	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{592C12CE-71A9-44EA-A64B-7819DF1958DC}
2012-06-10 01:20:21	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{F108237F-7BC3-4573-B70B-16B5B364C402}
2012-06-09 15:00:30	770384	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:00:30	421200	----a-w-	C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 13:20:11	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{AE505D04-40C7-44C5-9136-E6B87CF44625}
2012-06-09 13:20:01	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{CF466B35-F8F0-4E6F-B7C5-233647D38DD3}
2012-06-09 01:19:50	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{A64699E0-5581-4F92-A729-21BC91CD54DA}
2012-06-09 01:19:41	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9ABC6633-A533-469E-B930-561BF863BE29}
2012-06-08 13:23:44	--------	d-----w-	C:\Program Files (x86)\Loquendo
2012-06-08 13:19:30	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9A8BD67A-7C5E-421A-896B-7E0EAD9AFE8C}
2012-06-08 13:19:20	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{163173DA-8C54-477B-8C8F-C776939272B8}
2012-06-08 03:55:02	--------	d-----w-	C:\Program Files (x86)\NextUp-ScanSoft
2012-06-08 03:54:54	--------	d-----w-	C:\Windows\Downloaded Installations
2012-06-08 03:26:32	--------	d-----w-	C:\Users\Kakashi\AppData\Local\NextUp
2012-06-08 03:26:32	--------	d-----w-	C:\ProgramData\NextUp
2012-06-08 03:26:01	--------	d-----w-	C:\Program Files (x86)\TextAloud
2012-06-08 01:19:10	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{BB4A828D-DDDD-4323-B2D7-2C91554116C0}
2012-06-08 01:19:00	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{675686D9-BF99-4E9D-AEF7-DB612B9FCC82}
2012-06-07 13:18:37	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{FB2BA2D0-7413-4430-AE3E-72E77F6B3EB9}
2012-06-07 13:18:28	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{A8CF8B67-6DCB-4844-A200-F29272EE9AC5}
2012-06-07 01:18:17	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{DBB604D1-4E79-4315-94C2-E8DCE3C3ADD3}
2012-06-07 01:18:07	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9B3D0468-4C50-48E1-BAEB-09E917FB25EB}
2012-06-06 13:17:57	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{3B5761AD-24E6-457D-B932-9C3E27DB4B7E}
2012-06-06 13:17:47	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{5C443EA5-5B1F-4AC6-AAEB-F962D9821502}
2012-06-06 01:17:37	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{EB994AC7-32C0-4055-891F-472ACBB537B6}
2012-06-06 01:17:27	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{F2E3E684-AE2A-47B1-B164-4E85C4ACF8AA}
2012-06-05 13:17:16	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{397CD7C6-EFF9-4B0F-8A3C-618FF757C765}
2012-06-05 13:17:06	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{23BB6EFB-5C73-4E96-A66B-AC2BFD484D83}
2012-06-05 03:12:54	--------	d-----w-	C:\Users\Kakashi\AppData\Local\XNand_Healer_GUI
2012-06-05 01:16:44	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{3D341259-30DA-473C-A79D-664936211A11}
2012-06-05 01:16:33	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{C2F979E1-C02A-4911-91BB-6E73BF11D329}
2012-06-04 13:16:23	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{07F7D842-1479-466F-931F-F465BC5B36D6}
2012-06-04 13:16:12	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{FFE15A74-78F5-4935-BB39-A70CCC4BA5EB}
2012-06-04 01:16:02	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{764D9C38-A1CE-4072-974C-1C7E8DFB7E84}
2012-06-04 01:15:52	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{8C7F7D1D-1696-48FF-AF34-1972F9B0A9E6}
2012-06-03 13:15:41	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{7B4453A0-1AD0-4016-966A-85B018A007E7}
2012-06-03 13:15:31	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{48212B8F-1360-408D-AEE3-60F685000635}
2012-06-03 01:15:20	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{2C464506-81F3-45AC-8D41-6ECE16E66DAC}
2012-06-03 01:15:10	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{65372460-24C4-46A4-830B-6095BBD1211C}
2012-06-02 13:15:00	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{8896F1ED-65ED-4671-B77D-4EE2F0417577}
2012-06-02 13:14:50	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{CED5EB36-EAE7-43DC-BABD-05CCFCD2F2BA}
2012-06-02 01:14:39	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{D9CE8A0B-8942-4180-B1B7-A46F22EEBD5F}
2012-06-02 01:14:29	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{8AB3C678-9B90-4A42-B019-E688D040E22D}
2012-06-01 13:14:18	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{BA53D068-7804-45F3-B1C1-EF23E8825978}
2012-06-01 13:14:08	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{FE6CD1C8-39BB-4E18-91AC-7E8E7A2899D8}
2012-06-01 01:13:57	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{23FB3031-5AE5-4F2E-BA5B-BC84F12FB97A}
2012-06-01 01:13:47	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{DF9D0694-707D-4BBE-9B7D-F001B718D2C6}
2012-05-31 13:13:37	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{F32D5B2D-284A-41A9-A4EA-F2C60FD93F99}
2012-05-31 13:13:27	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{CC4FADB1-5755-490E-9649-D381A56A27CD}
2012-05-31 01:44:23	--------	d-----w-	C:\Program Files (x86)\Oracle
2012-05-31 01:44:19	772504	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2012-05-31 01:44:19	687504	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-05-31 01:13:16	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{B78F4328-F932-418A-943D-7BCFA8731E43}
2012-05-31 01:13:06	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{64948B9C-F5C1-4245-8C62-20DBCAF9A4F4}
2012-05-30 20:20:39	827728	----a-w-	C:\Windows\msvcr100.dll
2012-05-30 20:20:33	827728	----a-w-	C:\Windows\system\msvcr100.dll
2012-05-30 20:20:26	827728	----a-w-	C:\Windows\System32\msvcr100.dll
2012-05-30 20:05:47	17128	----a-w-	C:\Windows\System32\roboot64.exe
2012-05-30 13:12:56	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{61BF18B5-12EB-48B1-A39E-857DC82BBE37}
2012-05-30 13:12:46	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{A6C32ABF-0543-48AD-9D20-F188D419D448}
2012-05-30 05:51:48	323584	----a-w-	C:\Windows\SysWow64\AudioControl.ocx
2012-05-30 05:51:48	24576	----a-w-	C:\Windows\SysWow64\JKTryIcn.ocx
2012-05-30 05:51:48	--------	d-----w-	C:\Program Files (x86)\KP  Software
2012-05-30 01:12:35	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{57B5232C-CFC9-46B9-B7E6-A0CD3427EED1}
2012-05-30 01:12:25	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{26DFEC0A-A5D0-45E3-B38C-A46944E168F3}
2012-05-29 13:12:15	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{BB21CBCF-E360-46DF-83B0-27A5F41273DF}
2012-05-29 13:12:05	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{70D6A580-BE40-4AC1-947E-001A92A37CC7}
2012-05-29 01:11:55	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{D4EC4D4E-A937-489D-BB6A-A81E8D43B90A}
2012-05-29 01:11:45	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{D36A47B8-180B-4A42-9841-4B1407E92A25}
2012-05-28 13:11:34	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{04F5AEAC-454B-42B3-8DA5-DBEF054D6EE4}
2012-05-28 13:11:25	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{92E1318F-0596-481E-9C9D-82A21019C8F6}
2012-05-28 01:11:14	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{95622962-16DC-468E-ADCF-C89A382110A8}
2012-05-28 01:11:04	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{2E567961-3B2F-4EF8-BFB4-7F2698D2B49B}
2012-05-27 13:10:41	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{3C8EDC89-F2E7-476F-B2E3-69CF457F271E}
2012-05-27 13:10:31	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{9F99B2A2-E3F8-4C14-BD07-1A173B49173C}
2012-05-27 01:10:20	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{99BDD650-8CDC-49E2-B777-42C7A4554E90}
2012-05-27 01:10:10	--------	d-----w-	C:\Users\Kakashi\AppData\Local\{FDFC8C30-AAE6-466B-8F85-444D44029B97}
.
==================== Find3M  ====================
.
2012-06-21 23:15:02	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 23:15:02	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48	2311680	----a-w-	C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14	1392128	----a-w-	C:\Windows\System32\wininet.dll
2012-05-18 01:58:39	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37	1800192	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-05-15 09:29:47	889664	----a-w-	C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46	63296	----a-w-	C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46	2561856	----a-w-	C:\Windows\System32\nvsvcr.dll
2012-05-15 09:29:46	118080	----a-w-	C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45	2621723	----a-w-	C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25	3149632	----a-w-	C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42	6151488	----a-w-	C:\Windows\System32\nvcpl.dll
2012-05-15 05:21:50	423744	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 02:50:18	94208	----a-w-	C:\Windows\System32\drivers\rzudd.sys
2012-05-15 02:36:12	142848	----a-w-	C:\Windows\SysWow64\rztouchdll.dll
2012-05-15 02:36:02	354816	----a-w-	C:\Windows\SysWow64\rzdevicedll.dll
2012-05-15 02:36:00	165888	----a-w-	C:\Windows\SysWow64\rzaudiodll.dll
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-05 10:45:05	8769696	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05	1112064	----a-w-	C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37	140288	----a-w-	C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36	1462272	----a-w-	C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42	1158656	----a-w-	C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2012-04-18 17:08:08	31040	----a-w-	C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03	188736	----a-w-	C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02	1451840	----a-w-	C:\Windows\System32\nvhdagenco6420103.dll
2012-04-07 12:31:40	3216384	----a-w-	C:\Windows\System32\msi.dll
2012-04-07 11:26:29	2342400	----a-w-	C:\Windows\SysWow64\msi.dll
2012-04-07 03:53:12	15008	----a-w-	C:\Windows\System32\drivers\inpoutx64.sys
2012-04-03 00:29:25	34064	----a-w-	C:\Windows\SysWow64\lhacm.acm
2012-04-02 23:32:17	16896	----a-w-	C:\Windows\AsTaskSched.dll
2012-03-30 11:35:47	1918320	----a-w-	C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:12:17,85 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:50, on 25/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-911251589-1365415460-1663542602-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-911251589-1365415460-1663542602-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11924 bytes

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise 
Boot Device: \Device\HarddiskVolume4
Install Date: 02/04/2012 20:28:03
System Uptime: 25/06/2012 03:59:14 (8 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8Z68-V PRO GEN3
Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 52,303 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 2,592 GiB free.
E: is FIXED (NTFS) - 0 GiB total, 0,07 GiB free.
F: is FIXED (NTFS) - 931 GiB total, 170,601 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Manufacturer: 
Name: 
PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Service: 
.
==== System Restore Points ===================
.
RP64: 13/06/2012 03:00:10 - Windows Update
RP65: 19/06/2012 06:33:01 - Windows Update
RP66: 20/06/2012 22:49:18 - Windows Update
RP67: 25/06/2012 00:21:20 - Installed Kaspersky Anti-Virus 2011.
RP68: 25/06/2012 02:38:32 - Removed Update Manager for SweetPacks 1.0
.
==== Installed Programs ======================
.
abgx360 v1.0.6
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) - Português
AI Suite II
Asmedia ASM104x USB 3.0 Host Controller Driver
µTorrent
AutoIt v3.3.8.1
D3DX10
Darkfall US
Diablo III
FormatFactory 2.95
Heroes of Newerth
ImgBurn
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel® Watchdog Timer Driver (Intel® WDT)
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
JMicron JMB36X Driver
Jtag Tool
Kaspersky Anti-Virus 2011
KP-Anti Mosquitoes
Loquendo TTS: Gabriela (Portuguese-Brasilian)
marvell 91xx driver
Messenger Plus! 5
Microsoft Office Professional Edição 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MSVCRT
NextUp-ScanSoft Raquel Brazilian Portuguese Voice
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Razer Lycosa
Razer Synapse 2.0
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Sniper Elite V2
Steam
TeamSpeak 2 RC2
TextAloud 3.0
UnderCoverXP 1.23
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VultureWare DOCSIS Config Editor 0.1
WampServer 2.2
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== End Of File ===========================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Enterprise Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		System manufacturer
System Product Name:		System Product Name
Logical Drives Mask:		0x000000fc

Kernel Drivers (total 213):
  0x0345A000 \SystemRoot\system32\ntoskrnl.exe
  0x03411000 \SystemRoot\system32\hal.dll
  0x00B9E000 \SystemRoot\system32\kdcom.dll
  0x00CD5000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D24000 \SystemRoot\system32\PSHED.dll
  0x00D38000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E01000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x016AC000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x01750000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x0175F000 \SystemRoot\system32\drivers\ACPI.sys
  0x017B6000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x017BF000 \SystemRoot\system32\drivers\msisadrv.sys
  0x017C9000 \SystemRoot\system32\drivers\pci.sys
  0x01600000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x0160D000 \SystemRoot\System32\drivers\partmgr.sys
  0x01622000 \SystemRoot\system32\drivers\compbatt.sys
  0x0162B000 \SystemRoot\system32\drivers\BATTC.SYS
  0x01637000 \SystemRoot\system32\drivers\volmgr.sys
  0x0164C000 \SystemRoot\System32\drivers\volmgrx.sys
  0x01560000 \SystemRoot\system32\drivers\pciide.sys
  0x01567000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x01577000 \SystemRoot\system32\DRIVERS\jraid.sys
  0x01598000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x016A8000 \SystemRoot\system32\DRIVERS\AiChargerPlus.sys
  0x015C7000 \SystemRoot\System32\drivers\mountmgr.sys
  0x01819000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x01BBB000 \SystemRoot\system32\drivers\atapi.sys
  0x01BC4000 \SystemRoot\system32\drivers\ataport.SYS
  0x01BEE000 \SystemRoot\system32\drivers\msahci.sys
  0x01C00000 \SystemRoot\system32\DRIVERS\mv91xx.sys
  0x01C8C000 \SystemRoot\system32\DRIVERS\mvxxmm.sys
  0x01C94000 \SystemRoot\system32\drivers\amdxata.sys
  0x01C9F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01CEB000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01E51000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01CFF000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01E00000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01D5D000 \SystemRoot\System32\Drivers\cng.sys
  0x01E1B000 \SystemRoot\System32\drivers\pcw.sys
  0x01E2C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0207E000 \SystemRoot\system32\drivers\ndis.sys
  0x02171000 \SystemRoot\system32\drivers\NETIO.SYS
  0x021D1000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x02289000 \SystemRoot\System32\drivers\tcpip.sys
  0x0248C000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x024D6000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x024E6000 \SystemRoot\system32\drivers\volsnap.sys
  0x02532000 \SystemRoot\System32\Drivers\spldr.sys
  0x0253A000 \SystemRoot\System32\drivers\rdyboost.sys
  0x02574000 \SystemRoot\System32\Drivers\mup.sys
  0x02586000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x0258F000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x025C9000 \SystemRoot\system32\drivers\disk.sys
  0x02200000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x02000000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x038D8000 \SystemRoot\system32\DRIVERS\klif.sys
  0x0396E000 \SystemRoot\System32\Drivers\Null.SYS
  0x03977000 \SystemRoot\System32\Drivers\Beep.SYS
  0x0397E000 \SystemRoot\System32\drivers\vga.sys
  0x0398C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x039B1000 \SystemRoot\System32\drivers\watchdog.sys
  0x039C1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x039CA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x039D3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x039DC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x039E7000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03800000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03822000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0382F000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x03836000 \SystemRoot\system32\drivers\afd.sys
  0x0202A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x038BF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x01DCF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02266000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x038C8000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x025DF000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x01E36000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x01800000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x00D96000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x025EE000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0227C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x0206F000 \SystemRoot\System32\drivers\discache.sys
  0x04CC4000 \SystemRoot\system32\drivers\csc.sys
  0x04D47000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04D65000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x04D76000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
  0x04D7D000 \SystemRoot\SysWow64\drivers\AsIO.sys
  0x04D83000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x0FC3D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0509B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0518F000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x051D5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x10A90000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x11893000 \SystemRoot\system32\DRIVERS\HECIx64.sys
  0x118A4000 \SystemRoot\system32\DRIVERS\e1c62x64.sys
  0x118F3000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x11904000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x1195A000 \SystemRoot\system32\DRIVERS\asmtxhci.sys
  0x119BE000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x10A00000 \SystemRoot\system32\DRIVERS\ICCWDT.sys
  0x10A0C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x10A15000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x10A2B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x10A3B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x10A51000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x10A75000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x05000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0502F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0504A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x0506B000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x10A81000 \SystemRoot\system32\DRIVERS\VKbms.sys
  0x05085000 \SystemRoot\System32\drivers\mshidkmdf.sys
  0x0FC00000 \SystemRoot\System32\drivers\HIDCLASS.SYS
  0x0508D000 \SystemRoot\System32\drivers\HIDPARSE.SYS
  0x0FC19000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x0FC24000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04DA9000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x10A8C000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04DB8000 \SystemRoot\system32\DRIVERS\ks.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04C12000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04C6C000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04C81000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x0FC33000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x04C8E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x06640000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x06672000 \SystemRoot\system32\drivers\portcls.sys
  0x066AF000 \SystemRoot\system32\drivers\drmk.sys
  0x066D1000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06886000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x06AF7000 \SystemRoot\system32\drivers\HdAudio.sys
  0x00090000 \SystemRoot\System32\win32k.sys
  0x06B53000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06B5F000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x06B6D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x06B79000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x06B82000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x06B95000 \SystemRoot\system32\DRIVERS\asmthub3.sys
  0x06BB9000 \SystemRoot\SysWow64\drivers\ASUSFILTER.sys
  0x06BC7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x06BD5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x06BF2000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x06BF4000 \SystemRoot\System32\Drivers\RimUsb_AMD64.sys
  0x06800000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x0681B000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x0682C000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x00480000 \SystemRoot\System32\TSDDD.dll
  0x00610000 \SystemRoot\System32\cdd.dll
  0x06838000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x06846000 \SystemRoot\system32\DRIVERS\rzudd.sys
  0x008A0000 \SystemRoot\System32\ATMFD.DLL
  0x06864000 \SystemRoot\system32\drivers\Lycosa.sys
  0x066D7000 \SystemRoot\system32\drivers\luafv.sys
  0x066FA000 \SystemRoot\system32\drivers\WudfPf.sys
  0x0686C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0671B000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x0676E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x06781000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x07240000 \SystemRoot\system32\drivers\HTTP.sys
  0x07309000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0733A000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x07358000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x07385000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x073D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x076EA000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07753000 \SystemRoot\System32\DRIVERS\srv.sys
  0x077EB000 \SystemRoot\System32\Drivers\inpoutx64.sys
  0x07600000 \SystemRoot\system32\drivers\peauth.sys
  0x076A6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x076B1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07200000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x076C3000 \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
  0x77970000 \Windows\System32\ntdll.dll
  0x48120000 \Windows\System32\smss.exe
  0xFFC90000 \Windows\System32\apisetschema.dll
  0xFF290000 \Windows\System32\autochk.exe
  0xFFC70000 \Windows\System32\lpk.dll
  0xFFB60000 \Windows\System32\msctf.dll
  0xFFB50000 \Windows\System32\nsi.dll
  0x77850000 \Windows\System32\kernel32.dll
  0xFFAB0000 \Windows\System32\comdlg32.dll
  0xFFA10000 \Windows\System32\msvcrt.dll
  0xFF9B0000 \Windows\System32\Wldap32.dll
  0xFF980000 \Windows\System32\imm32.dll
  0xFF8A0000 \Windows\System32\oleaut32.dll
  0xFF880000 \Windows\System32\imagehlp.dll
  0x77750000 \Windows\System32\user32.dll
  0x775F0000 \Windows\System32\wininet.dll
  0xFF750000 \Windows\System32\rpcrt4.dll
  0x773E0000 \Windows\System32\iertutil.dll
  0xFF570000 \Windows\System32\setupapi.dll
  0x77290000 \Windows\System32\urlmon.dll
  0xFF520000 \Windows\System32\ws2_32.dll
  0xFF4A0000 \Windows\System32\shlwapi.dll
  0x77B40000 \Windows\System32\psapi.dll
  0xFE710000 \Windows\System32\shell32.dll
  0xFE640000 \Windows\System32\usp10.dll
  0xFE560000 \Windows\System32\advapi32.dll
  0xFE4E0000 \Windows\System32\difxapi.dll
  0xFE2D0000 \Windows\System32\ole32.dll
  0xFE230000 \Windows\System32\clbcatq.dll
  0xFE1C0000 \Windows\System32\gdi32.dll
  0xFE1A0000 \Windows\System32\sechost.dll
  0x77B30000 \Windows\System32\normaliz.dll
  0xFE100000 \Windows\System32\comctl32.dll
  0xFE090000 \Windows\System32\KernelBase.dll
  0xFE070000 \Windows\System32\devobj.dll
  0xFDF00000 \Windows\System32\crypt32.dll
  0xFDEC0000 \Windows\System32\cfgmgr32.dll
  0xFDE80000 \Windows\System32\wintrust.dll
  0xFDE70000 \Windows\System32\msasn1.dll
  0x77B20000 \Windows\SysWOW64\normaliz.dll

Processes (total 72):
       0 System Idle Process
       4 System
     372 C:\Windows\System32\smss.exe
     560 csrss.exe
     732 C:\Windows\System32\wininit.exe
     740 csrss.exe
     792 C:\Windows\System32\services.exe
     816 C:\Windows\System32\winlogon.exe
     844 C:\Windows\System32\lsass.exe
     852 C:\Windows\System32\lsm.exe
     960 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\nvvsvc.exe
     136 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     432 C:\Windows\System32\svchost.exe
     660 C:\Windows\System32\svchost.exe
     744 C:\Windows\System32\svchost.exe
     452 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\audiodg.exe
    1144 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\spoolsv.exe
    1552 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1572 C:\Windows\System32\nvvsvc.exe
    1860 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1880 C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    1968 C:\Windows\System32\taskeng.exe
    1208 C:\Windows\System32\dwm.exe
    1244 C:\Windows\System32\taskhost.exe
    1948 C:\Windows\explorer.exe
    1964 C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
    1924 C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2012 C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    1036 C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    2136 C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    2172 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    2196 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    2268 C:\Windows\System32\svchost.exe
    2304 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    2344 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2484 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2496 C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    2564 C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
    2656 C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    2680 C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
    2692 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    2716 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    2892 C:\Program Files (x86)\Skype\Updater\Updater.exe
    2936 C:\Windows\System32\svchost.exe
    2976 C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
    3032 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2672 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3196 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    3592 WUDFHost.exe
    3956 C:\Windows\System32\SearchIndexer.exe
    3996 C:\Windows\System32\svchost.exe
    4044 C:\Windows\System32\SearchProtocolHost.exe
    1476 C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    3320 C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    3660 C:\Windows\System32\SearchFilterHost.exe
    3192 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3928 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4184 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4504 WmiPrvSE.exe
    5064 C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    4896 C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    5112 C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    3940 C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    2068 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    4796 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    5500 C:\Windows\System32\dllhost.exe
    1164 C:\MBRCheck.exe
    3544 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000  (NTFS)

PhysicalDrive0 Model Number: OCZ-VERTEX3, Rev: 2.15    
PhysicalDrive1 Model Number: ST380211AS, Rev: 3.AAE   
PhysicalDrive2 Model Number: ST31000528AS, Rev: CC35    

      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
     74 GB  \\.\PhysicalDrive1   RE: Windows XP MBR code detected
            SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F
    931 GB  \\.\PhysicalDrive2   RE: Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Edited by methows, 25 June 2012 - 09:33 AM.


#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 June 2012 - 03:01 PM

Hi,

Please run the following:

download Farbar Recovery Scan Tool and save it to a flash drive.
(you need the 64bit version)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 01 July 2012 - 03:17 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
