Antivirus Keeps Turning Off


This topic is locked. 9 replies to this topic.

#1 double_digitz

Posted 02 November 2012 - 04:56 PM

Hi.
I'm currently having a problem with my computer. It was still fine last week. But then earlier this week the problem occurred. There is a message from Action Center that tells me to turn on my antivirus. I tried repeatedly to enable my antivirus, but it didn't work. At first, I thought it was an AVG problem. So I decided to uninstall it, and then I tried to install Kaspersky. But the same thing happens to Kaspersky too, as I couldn't turn the antivirus back on.

I didn't install / change anything on the computer before the problem occurred, as I didn't use the computer for approx. 3 days. Then when I turned it on earlier this week, the problem occurred by itself.

Thanks


Here is my DDS log
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by intel at 4:09:59 on 2012-11-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2293 [GMT 7:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Razer\Synapse\RzSynapse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\intel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Razer Synapse] "c:\program files\razer\synapse\RzSynapse.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TCP: NameServer = 8.8.8.8 61.247.0.4
TCP: Interfaces\{5A1C5BCE-0C5D-4A1F-8DB8-A058A6CD7699} : DHCPNameServer = 8.8.8.8 61.247.0.4
TCP: Interfaces\{5A1C5BCE-0C5D-4A1F-8DB8-A058A6CD7699}\3334F6D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7E3B5D4B-8ED1-4124-A57C-25DDE0632106} : DHCPNameServer = 8.8.8.8 61.247.0.4
TCP: Interfaces\{AFF73D75-F369-4CCD-81AA-CBCCB23D9DCA} : DHCPNameServer = 8.8.8.8 61.247.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\intel\appdata\roaming\mozilla\firefox\profiles\wajsqbcg.default\
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\intel\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-09-15 14:03; mozilla_cc@internetdownloadmanager.com; c:\users\intel\appdata\roaming\idm\idmmzcc5
FF - ExtSQL: 2012-09-15 14:20; avg@toolbar; c:\programdata\avg secure search\12.2.5.34
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-9-23 65192]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-3 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-3 676936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-3 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-9-12 490088]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\drivers\rzdaendpt.sys [2012-8-17 22400]
R3 rzendpt;rzendpt;c:\windows\system32\drivers\rzendpt.sys [2012-8-17 18944]
R3 rzudd;Razer Keyboard Driver;c:\windows\system32\drivers\rzudd.sys [2012-8-17 91776]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\drivers\rzvkeyboard.sys [2012-8-17 19840]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 218880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-9-18 1258856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-25 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-29 114144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-15 1343400]
.
=============== Created Last 30 ================
.
2012-11-02 20:46:46 -------- d-----w- c:\windows\system32\appmgmt
2012-11-02 19:19:15 -------- d-----w- c:\users\intel\appdata\roaming\Malwarebytes
2012-11-02 19:19:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 19:19:10 -------- d-----w- c:\programdata\Malwarebytes
2012-11-02 19:19:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-02 17:09:30 -------- d-----w- c:\windows\ELAMBKUP
2012-11-02 17:09:24 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-02 17:09:24 -------- d-----w- c:\program files\Kaspersky Lab
2012-11-02 17:09:10 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-02 15:52:43 -------- d-----w- c:\users\intel\appdata\local\Avg2013
2012-11-02 15:18:08 -------- d-sh--w- C:\found.001
2012-11-02 06:47:05 -------- d-----w- c:\users\intel\appdata\roaming\AVG2012
2012-11-02 06:19:31 -------- d-sh--w- C:\found.000
2012-11-02 03:20:20 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a6c00bb6-d934-41c1-a092-620f3444c2a7}\mpengine.dll
2012-10-23 04:10:42 -------- d-----w- c:\programdata\AVG2012
2012-10-22 08:48:49 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-10-17 16:50:24 -------- dc----w- c:\users\intel\appdata\local\MigWiz
2012-10-12 13:14:30 -------- d-----w- c:\program files\MSXML 4.0
2012-10-12 12:39:08 -------- d-----w- c:\windows\system32\directx
2012-10-11 15:11:19 -------- d-----w- c:\users\intel\appdata\local\NokiaAccount
2012-10-11 15:06:51 -------- d-----w- c:\users\intel\appdata\local\Nokia
2012-10-11 15:06:27 -------- d-----w- c:\programdata\Nokia
2012-10-11 15:06:27 -------- d-----w- c:\program files\common files\Nokia
2012-10-11 15:06:05 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-10-11 15:05:59 -------- d-----w- c:\program files\PC Connectivity Solution
2012-10-11 15:05:43 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-10-11 15:05:17 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-10-11 15:05:17 -------- d-----w- c:\program files\Nokia
2012-10-10 15:48:54 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 15:48:54 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 15:48:54 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 15:48:51 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:48:50 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 15:48:49 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:48:48 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2012-11-02 18:17:54 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-02 18:17:49 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-10 16:39:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 16:39:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 03:25:33 139848 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-21 03:25:22 282696 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-21 03:25:22 282696 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-20 18:01:06 282696 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-18 03:11:25 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-30 19:13:00 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:13:00 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:13:00 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:13:00 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:13:00 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13:00 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-08-30 19:13:00 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:13:00 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:13:00 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13:00 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-08-30 19:13:00 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:13:00 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 15:57:55 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57:54 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57:54 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57:32 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57:27 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 03:40:14 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 02:05:00 143360 ----a-w- c:\windows\system32\rztouchdll.dll
2012-08-24 02:04:58 592384 ----a-w- c:\windows\system32\rzdevicedll.dll
2012-08-24 02:04:56 165888 ----a-w- c:\windows\system32\rzaudiodll.dll
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-17 06:46:20 3456 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys
2012-08-17 06:46:20 22400 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
2012-08-17 06:46:20 19840 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
2012-08-17 06:46:16 91776 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-08-17 06:46:16 18944 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2012-08-13 09:49:44 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
.
============= FINISH: 4:10:38.83 ===============

Edited by double_digitz, 02 November 2012 - 04:58 PM.



#2 CatByte
  • Malware Response Team

Posted 03 November 2012 - 12:27 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 double_digitz

Posted 09 November 2012 - 08:35 AM

Hi, thanks CatByte. Sorry for the late reply.

I will do all the things that are mentioned above.

Edited by double_digitz, 09 November 2012 - 09:05 AM.


#4 double_digitz

Posted 09 November 2012 - 09:14 AM

Hi CatByte, here is the log of FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-11-2012
Ran by SYSTEM at 09-11-2012 21:08:04
Running from F:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10996368 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [Razer Synapse] "C:\Program Files\Razer\Synapse\RzSynapse.exe" [336304 2012-10-10] (Razer USA Ltd)
HKLM\...\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM\...\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [218880 2012-08-17] (Kaspersky Lab ZAO)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\intel\...\Run: [] [x]
HKU\UpdatusUser\...\Run: [3COM] "C:\Program Files\3Com\3Com Wireless USB Utility\Wlan.exe" [733184 2006-05-08] (3Com)
HKU\UpdatusUser\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [x]
HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\intel\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-14] (Google Inc.)
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 61.247.0.4

==================== Services (Whitelisted) ===================

2 AVP; "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" -r [218880 2012-08-17] (Kaspersky Lab ZAO)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-09-17] ()

==================== Drivers (Whitelisted) ====================

0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [587096 2012-11-02] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2012-11-02] (Kaspersky Lab)
3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2012-11-02] (Kaspersky Lab)
1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43608 2012-06-07] (Kaspersky Lab)
1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144344 2012-08-13] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-01-09] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-01-09] (Nokia)
3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22400 2012-08-16] (Razer USA Ltd)
3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [18944 2012-08-16] (Razer USA Ltd)
3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [91776 2012-08-16] (Razer USA Ltd)
3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [19840 2012-08-16] (Razer USA Ltd)
3 ZDPSp50; C:\Windows\System32\Drivers\ZDPSp50.sys [17664 2004-10-24] (Printing Communications Assoc., Inc. (PCAUSA))
0 ffldu; C:\Windows\System32\drivers\hqnigeol.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-02 13:17 - 2012-11-02 13:17 - 316488892 ____A C:\Windows\MEMORY.DMP
2012-11-02 13:17 - 2012-11-02 13:17 - 00161680 ____A C:\Windows\Minidump\110312-28267-01.dmp
2012-11-02 13:17 - 2012-11-02 13:17 - 00000000 ____D C:\Windows\Minidump
2012-11-02 13:10 - 2012-11-02 13:10 - 00017862 ____A C:\Users\intel\Desktop\dds.txt
2012-11-02 13:10 - 2012-11-02 13:10 - 00010272 ____A C:\Users\intel\Desktop\attach.txt
2012-11-02 12:46 - 2012-11-02 12:46 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-02 12:29 - 2012-11-02 13:41 - 00000000 ____D C:\Users\intel\Downloads\Bleeping Computer
2012-11-02 12:28 - 2012-11-02 12:28 - 00001989 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-11-02 12:28 - 2012-11-02 12:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-11-02 12:28 - 2012-11-02 12:28 - 00000000 ____D C:\Program Files\Adobe
2012-11-02 12:18 - 2012-11-02 12:18 - 00000000 ____A C:\Users\intel\defogger_reenable
2012-11-02 12:02 - 2012-11-02 12:02 - 00003280 ____N C:\bootsqm.dat
2012-11-02 11:19 - 2012-11-02 11:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Users\intel\AppData\Roaming\Malwarebytes
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-02 11:19 - 2012-09-29 04:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-02 09:09 - 2012-11-09 05:36 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-11-02 09:09 - 2012-11-02 10:17 - 00587096 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-11-02 09:09 - 2012-11-02 09:09 - 00000000 ____D C:\Windows\ELAMBKUP
2012-11-02 09:09 - 2012-11-02 09:09 - 00000000 ____D C:\Program Files\Kaspersky Lab
2012-11-02 09:09 - 2012-08-13 03:24 - 00075096 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2012-11-02 07:52 - 2012-11-02 07:52 - 00000000 ____D C:\Users\intel\AppData\Local\Avg2013
2012-11-02 07:18 - 2012-11-02 07:18 - 00000000 __SHD C:\found.001
2012-11-01 22:47 - 2012-11-01 22:47 - 00000000 ____D C:\Users\intel\AppData\Roaming\AVG2012
2012-11-01 22:19 - 2012-11-01 22:19 - 00000000 __SHD C:\found.000
2012-10-22 20:10 - 2012-11-01 23:53 - 00000000 ____D C:\Users\All Users\AVG2012
2012-10-18 16:23 - 2012-10-18 16:23 - 00000000 ____D C:\Users\intel\Downloads\Expendables 2
2012-10-16 17:38 - 2012-10-16 17:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-10-16 17:23 - 2012-10-16 17:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2012-10-12 05:14 - 2012-10-12 05:14 - 00286076 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-10-12 05:14 - 2012-10-12 05:14 - 00279234 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-10-12 05:14 - 2012-10-12 05:14 - 00000000 ____D C:\Program Files\MSXML 4.0
2012-10-12 04:40 - 2012-10-12 04:40 - 00000900 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-10-12 04:39 - 2012-10-12 04:39 - 00000000 ____D C:\Windows\System32\directx
2012-10-12 04:27 - 2012-10-12 04:27 - 00000000 _RASH C:\MSDOS.SYS
2012-10-12 04:27 - 2012-10-12 04:27 - 00000000 _RASH C:\IO.SYS
2012-10-11 07:59 - 2012-10-11 07:59 - 00000000 ____D C:\Users\intel\AppData\Roaming\Nokia
2012-10-11 07:12 - 2012-10-11 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2012-10-11 07:11 - 2012-10-11 07:11 - 00000000 ____D C:\Users\intel\AppData\Local\NokiaAccount
2012-10-11 07:06 - 2012-10-11 07:16 - 00000000 ____D C:\Users\intel\AppData\Roaming\PC Suite
2012-10-11 07:06 - 2012-10-11 07:09 - 00000000 ____D C:\Users\intel\AppData\Local\Nokia
2012-10-11 07:06 - 2012-10-11 07:06 - 00002047 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Users\All Users\PC Suite
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Users\All Users\Nokia
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Program Files\DIFX
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Program Files\Common Files\Nokia
2012-10-11 07:06 - 2012-06-27 00:18 - 00019072 ____A (Nokia) C:\Windows\System32\Drivers\pccsmcfd.sys
2012-10-11 07:05 - 2012-10-11 07:06 - 00000000 ____D C:\Program Files\Nokia
2012-10-11 07:05 - 2012-10-11 07:05 - 00000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-10-11 07:05 - 2012-10-11 07:05 - 00000000 ____D C:\Program Files\PC Connectivity Solution
2012-10-11 07:05 - 2012-01-09 02:28 - 00075264 ____A (Nokia) C:\Windows\System32\nmwcdcls.dll
2012-10-10 07:49 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 07:49 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 07:49 - 2012-08-20 09:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-10 07:49 - 2012-08-20 09:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-10 07:49 - 2012-08-20 09:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-10 07:49 - 2012-08-20 09:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-10 07:49 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 07:49 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 07:48 - 2012-08-31 09:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-10 07:48 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 07:48 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-10 07:48 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-10 07:48 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 07:48 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 07:48 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll


==================== One Month Modified Files and Folders ========

2012-11-09 21:01 - 2012-11-09 21:01 - 00000000 ____D C:\FRST
2012-11-09 05:42 - 2012-09-12 11:15 - 01187190 ____A C:\Windows\WindowsUpdate.log
2012-11-09 05:42 - 2009-07-13 20:34 - 00026352 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-09 05:42 - 2009-07-13 20:34 - 00026352 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-09 05:41 - 2010-11-20 13:01 - 00778378 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-09 05:39 - 2012-09-24 20:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-09 05:36 - 2012-11-02 09:09 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-11-09 05:36 - 2012-09-11 21:40 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-09 05:36 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-09 05:36 - 2009-07-13 20:39 - 00041320 ____A C:\Windows\setupact.log
2012-11-02 13:51 - 2012-09-14 22:36 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1958521461-1285927836-460733314-1000UA.job
2012-11-02 13:41 - 2012-11-02 12:29 - 00000000 ____D C:\Users\intel\Downloads\Bleeping Computer
2012-11-02 13:17 - 2012-11-02 13:17 - 316488892 ____A C:\Windows\MEMORY.DMP
2012-11-02 13:17 - 2012-11-02 13:17 - 00161680 ____A C:\Windows\Minidump\110312-28267-01.dmp
2012-11-02 13:17 - 2012-11-02 13:17 - 00000000 ____D C:\Windows\Minidump
2012-11-02 13:11 - 2012-08-28 21:36 - 00000000 ____D C:\Users\intel\AppData\Roaming\TeraCopy
2012-11-02 13:10 - 2012-11-02 13:10 - 00017862 ____A C:\Users\intel\Desktop\dds.txt
2012-11-02 13:10 - 2012-11-02 13:10 - 00010272 ____A C:\Users\intel\Desktop\attach.txt
2012-11-02 13:04 - 2010-11-20 13:48 - 00025592 ____A C:\Windows\PFRO.log
2012-11-02 12:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-11-02 12:46 - 2012-11-02 12:46 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-02 12:28 - 2012-11-02 12:28 - 00001989 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-11-02 12:28 - 2012-11-02 12:28 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-11-02 12:28 - 2012-11-02 12:28 - 00000000 ____D C:\Program Files\Adobe
2012-11-02 12:28 - 2012-08-28 21:33 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-02 12:23 - 2012-09-21 02:17 - 00000000 ____D C:\Users\intel\AppData\Roaming\uTorrent
2012-11-02 12:19 - 2012-09-12 21:43 - 00000000 ____D C:\Users\intel\AppData\Roaming\DMCache
2012-11-02 12:18 - 2012-11-02 12:18 - 00000000 ____A C:\Users\intel\defogger_reenable
2012-11-02 12:18 - 2012-08-28 21:22 - 00000000 ____D C:\users\intel
2012-11-02 12:02 - 2012-11-02 12:02 - 00003280 ____N C:\bootsqm.dat
2012-11-02 11:19 - 2012-11-02 11:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Users\intel\AppData\Roaming\Malwarebytes
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-02 11:19 - 2012-11-02 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-02 10:17 - 2012-11-02 09:09 - 00587096 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2012-11-02 10:17 - 2012-07-24 23:53 - 00025944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klmouflt.sys
2012-11-02 10:17 - 2012-05-25 04:38 - 00025944 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klkbdflt.sys
2012-11-02 10:13 - 2012-09-15 00:21 - 00000000 ____D C:\Program Files\Razer
2012-11-02 10:13 - 2012-05-11 21:37 - 00000000 ____D C:\Users\intel\Downloads\Compressed
2012-11-02 10:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2012-11-02 10:13 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-11-02 10:09 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-02 09:09 - 2012-11-02 09:09 - 00000000 ____D C:\Windows\ELAMBKUP
2012-11-02 09:09 - 2012-11-02 09:09 - 00000000 ____D C:\Program Files\Kaspersky Lab
2012-11-02 09:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-02 07:57 - 2012-09-14 23:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-02 07:57 - 2012-09-14 23:07 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-02 07:52 - 2012-11-02 07:52 - 00000000 ____D C:\Users\intel\AppData\Local\Avg2013
2012-11-02 07:19 - 2009-07-13 20:53 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-02 07:18 - 2012-11-02 07:18 - 00000000 __SHD C:\found.001
2012-11-01 23:53 - 2012-10-22 20:10 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-01 22:47 - 2012-11-01 22:47 - 00000000 ____D C:\Users\intel\AppData\Roaming\AVG2012
2012-11-01 22:19 - 2012-11-01 22:19 - 00000000 __SHD C:\found.000
2012-11-01 21:54 - 2012-09-14 22:36 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1958521461-1285927836-460733314-1000Core.job
2012-10-22 20:10 - 2012-09-14 23:16 - 00000000 ____D C:\Program Files\AVG
2012-10-22 18:56 - 2012-09-24 05:43 - 00000000 ____D C:\Users\intel\Downloads\Borderlands 2
2012-10-18 16:23 - 2012-10-18 16:23 - 00000000 ____D C:\Users\intel\Downloads\Expendables 2
2012-10-16 17:38 - 2012-10-16 17:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2012-10-16 17:23 - 2012-10-16 17:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2012-10-16 07:44 - 2012-09-24 05:43 - 00000702 ____A C:\Users\intel\Documents\profile.bin
2012-10-16 04:16 - 2012-09-24 05:43 - 00000364 ____A C:\Users\intel\Downloads\profile.bin
2012-10-12 05:14 - 2012-10-12 05:14 - 00286076 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-10-12 05:14 - 2012-10-12 05:14 - 00279234 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-10-12 05:14 - 2012-10-12 05:14 - 00000000 ____D C:\Program Files\MSXML 4.0
2012-10-12 04:40 - 2012-10-12 04:40 - 00000900 ____A C:\Users\Public\Desktop\Borderlands 2.lnk
2012-10-12 04:39 - 2012-10-12 04:39 - 00000000 ____D C:\Windows\System32\directx
2012-10-12 04:27 - 2012-10-12 04:27 - 00000000 _RASH C:\MSDOS.SYS
2012-10-12 04:27 - 2012-10-12 04:27 - 00000000 _RASH C:\IO.SYS
2012-10-11 07:59 - 2012-10-11 07:59 - 00000000 ____D C:\Users\intel\AppData\Roaming\Nokia
2012-10-11 07:53 - 2012-08-28 21:34 - 00002445 ____A C:\Users\intel\Desktop\Google Chrome.lnk
2012-10-11 07:16 - 2012-10-11 07:06 - 00000000 ____D C:\Users\intel\AppData\Roaming\PC Suite
2012-10-11 07:12 - 2012-10-11 07:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmb_01009.Wdf
2012-10-11 07:11 - 2012-10-11 07:11 - 00000000 ____D C:\Users\intel\AppData\Local\NokiaAccount
2012-10-11 07:09 - 2012-10-11 07:06 - 00000000 ____D C:\Users\intel\AppData\Local\Nokia
2012-10-11 07:06 - 2012-10-11 07:06 - 00002047 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Users\All Users\PC Suite
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Users\All Users\Nokia
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Program Files\DIFX
2012-10-11 07:06 - 2012-10-11 07:06 - 00000000 ____D C:\Program Files\Common Files\Nokia
2012-10-11 07:06 - 2012-10-11 07:05 - 00000000 ____D C:\Program Files\Nokia
2012-10-11 07:06 - 2012-09-15 00:31 - 00068030 ____A C:\Windows\DPINST.LOG
2012-10-11 07:05 - 2012-10-11 07:05 - 00000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-10-11 07:05 - 2012-10-11 07:05 - 00000000 ____D C:\Program Files\PC Connectivity Solution
2012-10-10 10:12 - 2012-09-14 21:53 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-10 08:39 - 2012-09-24 20:25 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-10 08:39 - 2012-09-24 20:25 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-01 21:33:31
Restore point made on: 2012-11-01 21:38:03
Restore point made on: 2012-11-01 21:45:33
Restore point made on: 2012-11-01 21:45:50
Restore point made on: 2012-11-01 22:03:39
Restore point made on: 2012-11-01 22:06:16
Restore point made on: 2012-11-01 22:38:08
Restore point made on: 2012-11-01 22:38:24
Restore point made on: 2012-11-01 23:49:27
Restore point made on: 2012-11-01 23:51:41
Restore point made on: 2012-11-02 00:10:38
Restore point made on: 2012-11-02 00:10:55
Restore point made on: 2012-11-02 07:45:59
Restore point made on: 2012-11-02 07:52:58
Restore point made on: 2012-11-02 12:46:37

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4094.49 MB
Available physical RAM: 3633.8 MB
Total Pagefile: 4092.78 MB
Available Pagefile: 3626.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.19 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:97.65 GB) (Free:61.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (data) (Fixed) (Total:135.22 GB) (Free:97.24 GB) NTFS
4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.14 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 8 MB
Disk 1 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 97 GB 31 KB
Partition 0 Extended 135 GB 97 GB
Partition 2 Logical 135 GB 97 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 97 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D data NTFS Partition 135 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1960 MB 56 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1960 MB Healthy

=========================================================

Last Boot: 2012-11-02 02:07

==================== End Of Log ============================

#5 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:33 AM

Posted 09 November 2012 - 04:59 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKLM\...\Run: [] [x]
HKU\intel\...\Run: [] [x]
0 ffldu; C:\Windows\System32\drivers\hqnigeol.sys [x]
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.



NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
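The fixlist above removes a boot-start driver entry (ffldu, pointing at hqnigeol.sys) whose file FRST could not find. As an added example that is not part of this thread, FRST or ComboFix, here is a small Python triage script that parses the two driver/service line formats shown in this thread and ranks entries matching that pattern; it assumes the `[x]` marker means the file was not found, and its sample lines are constructed from entries in this thread plus one made-up FRST line for KLIM6.

```python
"""Triage FRST / ComboFix driver and service lines for the pattern fixed in
this thread: a boot- or system-start driver whose backing file is missing.
Added example, not part of the thread, FRST or ComboFix."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Windows service start types (the leading digit in both log formats).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# FRST form seen in the fixlist: "<start> <name>; <path> [x]".
# "[x]" marks a file that was not found; no "[x]" is assumed to mean present.
FRST_LINE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*(?P<missing>\[x\])?\s*$"
)
# ComboFix form: "<R|S><start> <name>;<display name>;<path> [x]" (R=running, S=stopped).
COMBOFIX_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*(?P<missing>\[x\])?\s*$"
)


@dataclass
class DriverEntry:
    source: str   # "frst" or "combofix"
    name: str
    start: int
    path: str
    missing: bool


def parse_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for a driver/service line, or None for any other line."""
    m = COMBOFIX_LINE.match(line)
    if m:
        return DriverEntry("combofix", m["name"].strip(), int(m["start"]),
                           m["path"].strip(), m["missing"] is not None)
    m = FRST_LINE.match(line)
    if m:
        return DriverEntry("frst", m["name"].strip(), int(m["start"]),
                           m["path"].strip(), m["missing"] is not None)
    return None


def triage(entries: List[DriverEntry]) -> List[Tuple[DriverEntry, str, str]]:
    """Rank missing-file entries. A boot/system-start driver with no file on disk
    is the shape of the ffldu/hqnigeol.sys entry removed in this thread ("high");
    a missing demand-start entry is common after uninstalls ("info")."""
    findings = []
    for e in entries:
        if not e.missing:
            continue
        kind = START_TYPES[e.start]
        if e.start <= 1:
            findings.append((e, "high", f"{kind}-start driver, file not found: {e.path}"))
        else:
            findings.append((e, "info", f"{kind}-start entry, file not found: {e.path}"))
    return findings


def candidates(log_text: str, severity: str) -> List[str]:
    """Names of entries at the given severity, in log order (duplicates kept so
    the same driver reported by both tools shows up twice)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [e.name for e, sev, _ in triage(entries) if sev == severity]


# Constructed sample: lines taken from this thread's logs, plus a made-up FRST
# line for KLIM6 and a file-listing line that the parser must ignore.
SAMPLE_LOG = r"""
0 ffldu; C:\Windows\System32\drivers\hqnigeol.sys [x]
1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [x]
3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
2012-10-10 07:49 - 2012-08-20 09:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
""".strip()


if __name__ == "__main__":
    parsed = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]
    for entry, sev, reason in triage(parsed):
        print(f"[{sev:4}] {entry.source:8} {entry.name:14} {reason}")
```

The "high" bucket is a candidate list for an analyst, not a verdict: the Kaspersky filter KLIM6 lands there as well, so vendor and signature must be checked before any entry is written into a fixlist.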


#6 double_digitz

  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:33 PM

Posted 11 November 2012 - 12:09 PM

Hi CatByte.


Here is my fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-11-2012
Ran by SYSTEM at 2012-11-10 10:10:25 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
ffldu service deleted successfully.

==== End of Fixlog ====


Here is my ComboFix log

ComboFix 12-11-09.02 - intel 10-Nov-12 10:26:24.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2784 [GMT 7:00]
Running from: c:\users\intel\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-10 05:01 . 2012-11-10 05:01 -------- d-----w- C:\FRST
2012-11-10 03:37 . 2012-11-10 03:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-10 03:37 . 2012-11-10 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-02 20:28 . 2012-11-02 20:28 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-02 19:19 . 2012-11-02 19:19 -------- d-----w- c:\users\intel\AppData\Roaming\Malwarebytes
2012-11-02 19:19 . 2012-11-02 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-02 19:19 . 2012-11-02 19:19 -------- d-----w- c:\programdata\Malwarebytes
2012-11-02 19:19 . 2012-09-29 12:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 17:09 . 2012-11-02 17:09 -------- d-----w- c:\windows\ELAMBKUP
2012-11-02 17:09 . 2012-11-10 03:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-02 17:09 . 2012-11-02 17:09 -------- d-----w- c:\program files\Kaspersky Lab
2012-11-02 17:09 . 2012-08-13 11:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-02 15:52 . 2012-11-02 15:52 -------- d-----w- c:\users\intel\AppData\Local\Avg2013
2012-11-02 15:18 . 2012-11-02 15:18 -------- d-----w- C:\found.001
2012-11-02 06:47 . 2012-11-02 06:47 -------- d-----w- c:\users\intel\AppData\Roaming\AVG2012
2012-11-02 06:19 . 2012-11-02 06:19 -------- d-----w- C:\found.000
2012-11-02 03:20 . 2012-10-16 19:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C00BB6-D934-41C1-A092-620F3444C2A7}\mpengine.dll
2012-10-23 04:10 . 2012-11-02 07:53 -------- d-----w- c:\programdata\AVG2012
2012-10-17 16:50 . 2012-10-17 16:52 -------- dc----w- c:\users\intel\AppData\Local\MigWiz
2012-10-12 13:14 . 2012-10-12 13:14 -------- d-----w- c:\program files\MSXML 4.0
2012-10-11 15:59 . 2012-10-11 15:59 -------- d-----w- c:\users\intel\AppData\Roaming\Nokia
2012-10-11 15:06 . 2012-10-11 15:09 -------- d-----w- c:\users\intel\AppData\Local\Nokia
2012-10-11 15:06 . 2012-10-11 15:16 -------- d-----w- c:\users\intel\AppData\Roaming\PC Suite
2012-10-11 15:06 . 2012-10-11 15:06 -------- d-----w- c:\programdata\PC Suite
2012-10-11 15:06 . 2012-10-11 15:06 -------- d-----w- c:\programdata\Nokia
2012-10-11 15:06 . 2012-10-11 15:06 -------- d-----w- c:\program files\Common Files\Nokia
2012-10-11 15:06 . 2012-10-11 15:06 -------- d-----w- c:\program files\DIFX
2012-10-11 15:06 . 2012-06-27 08:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-10-11 15:06 . 2012-10-11 15:06 -------- dc----w- c:\windows\system32\DRVSTORE
2012-10-11 15:05 . 2012-10-11 15:05 -------- d-----w- c:\program files\PC Connectivity Solution
2012-10-11 15:05 . 2012-01-09 10:28 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-10-11 15:05 . 2012-10-11 15:06 -------- d-----w- c:\program files\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-02 18:17 . 2012-07-25 07:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-02 18:17 . 2012-05-25 12:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-10-10 16:39 . 2012-09-25 04:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 16:39 . 2012-09-25 04:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 03:25 . 2012-09-18 03:12 139848 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-09-21 03:25 . 2012-09-18 03:11 282696 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-09-21 03:25 . 2012-09-18 03:11 282696 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-09-20 18:01 . 2012-09-18 03:11 282696 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-09-18 03:11 . 2012-09-18 03:11 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-09-15 05:47 . 2012-09-15 05:47 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-15 05:47 . 2012-09-15 05:47 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-15 05:47 . 2012-09-15 05:47 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-15 05:47 . 2012-09-15 05:47 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-09-15 05:47 . 2012-09-15 05:47 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-09-15 05:47 . 2012-09-15 05:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-15 05:47 . 2012-09-15 05:47 367104 ----a-w- c:\windows\system32\html.iec
2012-09-15 05:47 . 2012-09-15 05:47 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-09-15 05:47 . 2012-09-15 05:47 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-15 05:47 . 2012-09-15 05:47 161792 ----a-w- c:\windows\system32\msls31.dll
2012-09-15 05:47 . 2012-09-15 05:47 152064 ----a-w- c:\windows\system32\wextract.exe
2012-09-15 05:47 . 2012-09-15 05:47 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-09-15 05:47 . 2012-09-15 05:47 11776 ----a-w- c:\windows\system32\mshta.exe
2012-09-15 05:47 . 2012-09-15 05:47 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-15 05:47 . 2012-09-15 05:47 101888 ----a-w- c:\windows\system32\admparse.dll
2012-09-14 18:28 . 2012-10-10 15:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 15:48 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 19:13 . 2012-09-18 15:55 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-08-30 19:13 . 2012-09-18 15:55 7626088 ----a-w- c:\windows\system32\nvcuda.dll
2012-08-30 19:13 . 2012-09-18 15:55 6109032 ----a-w- c:\windows\system32\nvopencl.dll
2012-08-30 19:13 . 2012-09-18 15:55 2573672 ----a-w- c:\windows\system32\nvcuvid.dll
2012-08-30 19:13 . 2012-09-18 15:55 19828584 ----a-w- c:\windows\system32\nvoglv32.dll
2012-08-30 19:13 . 2012-09-18 15:55 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-08-30 19:13 . 2012-09-18 15:55 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-08-30 19:13 . 2012-09-18 15:55 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-08-30 19:13 . 2012-09-12 05:39 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-08-30 19:13 . 2012-09-12 05:39 2422120 ----a-w- c:\windows\system32\nvapi.dll
2012-08-30 19:13 . 2012-09-12 05:39 15291752 ----a-w- c:\windows\system32\nvd3dum.dll
2012-08-30 19:13 . 2009-07-13 22:09 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-08-30 17:12 . 2012-10-10 15:48 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 15:48 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 15:57 . 2012-09-12 05:40 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-08-30 15:57 . 2012-09-12 05:40 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-08-30 15:57 . 2012-09-12 05:40 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-08-30 15:57 . 2012-09-12 05:40 3963240 ----a-w- c:\windows\system32\nvcpl.dll
2012-08-30 15:57 . 2012-09-12 05:40 2836840 ----a-w- c:\windows\system32\nvsvc.dll
2012-08-30 03:40 . 2012-08-30 03:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe
2012-08-24 16:57 . 2012-10-10 15:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59 . 2012-09-24 10:08 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-24 10:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-24 10:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 10:08 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 10:08 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-24 10:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 02:05 . 2012-08-24 02:05 143360 ----a-w- c:\windows\system32\rztouchdll.dll
2012-08-24 02:04 . 2012-08-24 02:04 592384 ----a-w- c:\windows\system32\rzdevicedll.dll
2012-08-24 02:04 . 2012-08-24 02:04 165888 ----a-w- c:\windows\system32\rzaudiodll.dll
2012-08-22 17:16 . 2012-09-15 05:41 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-15 05:41 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-15 05:40 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-15 05:41 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 05:07 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 15:49 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 15:49 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 15:49 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 15:49 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 15:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-17 06:46 . 2012-08-17 06:46 3456 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys
2012-08-17 06:46 . 2012-08-17 06:46 22400 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
2012-08-17 06:46 . 2012-08-17 06:46 19840 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
2012-08-17 06:46 . 2012-08-17 06:46 91776 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-08-17 06:46 . 2012-08-17 06:46 18944 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2012-08-13 09:49 . 2012-08-13 09:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys
2012-09-15 06:43 . 2012-08-29 05:34 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Razer Synapse"="c:\program files\Razer\Synapse\RzSynapse.exe" [2012-10-11 336304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3COM]
2006-05-09 03:08 733184 ----a-w- c:\program files\3Com\3Com Wireless USB Utility\Wlan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 13:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-15 06:36 116648 ----atw- c:\users\intel\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 17:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-08-03 09:06 1086376 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-15 08:09 1353080 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-25 16:39]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1958521461-1285927836-460733314-1000Core.job
- c:\users\intel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 06:36]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1958521461-1285927836-460733314-1000UA.job
- c:\users\intel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-15 06:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\intel\AppData\Roaming\Mozilla\Firefox\Profiles\wajsqbcg.default\
FF - ExtSQL: 2012-09-15 14:03; mozilla_cc@internetdownloadmanager.com; c:\users\intel\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-09-15 14:20; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.34
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe
AddRemove-{6D87CAD9-9B94-4421-A439-B25F8DE14575} - c:\program files (x86)\InstallShield Installation Information\{6D87CAD9-9B94-4421-A439-B25F8DE14575}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-10 10:53:44
ComboFix-quarantined-files.txt 2012-11-10 03:53
.
Pre-Run: 65,474,957,312 bytes free
Post-Run: 65,050,992,640 bytes free
.
- - End Of File - - 22B919AAEE3BC5A4569F208BF74BC17A

Edited by double_digitz, 11 November 2012 - 12:09 PM.
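The log above is the poster's ComboFix output. Below is a small triage script for the "Reg Loading Points" and services section of that format, the part a responder reads first: the Security Center `DisableMonitoring` value, services whose file ComboFix marked `[x]`, Run-key and msconfig-disabled autoruns, and the orphans ComboFix removed. This is an added example, not ComboFix's code and not anything from the thread. The sample text is a constructed excerpt of lines copied from the log; the reading of `[x]` as "file could not be verified on disk", the user-writable-path heuristic and the parsing layout are my assumptions.

```python
"""Triage the 'Reg Loading Points' / services section of a ComboFix log.

Added example for this thread, not ComboFix code. It pulls out the items a
responder reads first: Security Center monitoring overrides, services whose
file ComboFix marked [x], autorun entries, and the orphans ComboFix removed.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt: lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-09-15 06:36 116648 ----atw- c:\users\intel\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
"""

RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
STARTUPREG_VALUE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
SC_VALUE = re.compile(r'^"DisableMonitoring"=dword:([0-9a-fA-F]{8})$')
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
# Heuristic (my assumption): autoruns under user-writable paths deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Report:
    run_entries: list = field(default_factory=list)          # (name, path) from ...\Run
    disabled_startup: list = field(default_factory=list)     # (name, path) from msconfig\startupreg
    monitoring_disabled: list = field(default_factory=list)  # products with DisableMonitoring=1
    unverified_services: list = field(default_factory=list)  # (start, name, path) marked [x]
    orphans: list = field(default_factory=list)              # (key, path) under ORPHANS REMOVED


def parse_combofix(text):
    rep = Report()
    key = None          # registry header currently open
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans, key = True, None
            continue
        if in_orphans:
            if " - " in line:
                k, path = line.split(" - ", 1)
                rep.orphans.append((k.strip(), path.strip()))
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = SERVICE.match(line)
        if m:
            start, name, _desc, path, stamp = m.groups()
            # Assumption: ComboFix prints [x] where it could not verify the file on disk.
            if stamp.strip().lower() == "x":
                rep.unverified_services.append((start, name, path))
            continue
        if key is None:
            continue
        low = key.lower()
        if low.endswith("\\currentversion\\run"):
            m = RUN_VALUE.match(line)
            if m:
                rep.run_entries.append((m.group(1), m.group(2)))
        elif "\\msconfig\\startupreg\\" in low:
            m = STARTUPREG_VALUE.match(line)
            if m:
                rep.disabled_startup.append((key.rsplit("\\", 1)[-1], m.group(1)))
        elif "\\security center\\monitoring\\" in low:
            m = SC_VALUE.match(line)
            if m and int(m.group(1), 16) == 1:
                rep.monitoring_disabled.append(key.rsplit("\\", 1)[-1])
    return rep


def suspicious_autoruns(rep):
    """Run-key and msconfig-disabled entries living under user-writable paths."""
    return [(n, p) for n, p in rep.run_entries + rep.disabled_startup
            if any(t in p.lower() for t in USER_WRITABLE)]


def findings(rep):
    out = []
    for product in rep.monitoring_disabled:
        # AV products set this themselves so Security Center defers to their own
        # status reporting; it is a lead to check against the Action Center warning, not a verdict.
        out.append(f"Security Center monitoring disabled for {product}")
    for start, name, path in rep.unverified_services:
        out.append(f"service {name} ({start}) file not verified: {path}")
    for name, path in suspicious_autoruns(rep):
        out.append(f"autorun under user-writable path: {name} -> {path}")
    for k, path in rep.orphans:
        out.append(f"orphan removed: {k} -> {path}")
    return out


if __name__ == "__main__":
    for f in findings(parse_combofix(SAMPLE_LOG)):
        print(f)
```

On this sample the script reports the Kaspersky monitoring override, three services with unverified files, the Google Update autorun under `AppData`, and the two removed AVG Secure Search / DAEMON Tools orphans. None of these is a verdict on its own: Kaspersky writes `DisableMonitoring` itself, Google Update legitimately lives in `AppData`, and `[x]` on a driver line can simply mean the file was not readable during the scan. The value is in having the list to check against the poster's actual complaint (Action Center reporting the antivirus as off).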


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 November 2012 - 01:30 PM

Please do the following:

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 double_digitz

double_digitz
  • Topic Starter

  • Members
  • 12 posts

Posted 14 November 2012 - 04:25 AM

Thanks for all your help CatByte,

but unfortunately my computer now refuses to boot into Windows.

I will just bring it to a technician.

Thanks a lot.

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 14 November 2012 - 06:57 PM

When did this happen?

Do you recall what happened before the system crashed?

Are you able to boot to FRST and post a new log?



#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 21 November 2012 - 09:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
