
Random browser popups, slow pc


This topic is locked
22 replies to this topic

#1 Muki010

Posted 24 November 2012 - 10:19 AM

Hi, I'm getting random browser pop-up blocks from avast trying to connect to some strange website, and also my processor is working at almost 100%.
I was trying to run different antimalware and antivirus tests, nothing found... please help.


here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Muki at 16:13:12 on 2012-11-24
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3572.1751 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
C:\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\mysql\bin\mysqld-nt.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHNLDCS.EXE
C:\Program Files\Iomega Storage Manager\pCloudd.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\explorer.exe
C:\apache\bin\httpd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\taskeng.exe
C:\Users\Muki\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uProxyServer = socks=
uProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
uURLSearchHooks: QIPBHO Class: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\users\muki\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: QIPBHO Class: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - c:\users\muki\appdata\roaming\microsoft\internet explorer\qipsearchbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Google Update] "c:\users\muki\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{3CC4FFB3-FB83-4D8B-98FA-FF2FA85839F0} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E3F8F9CC-EF85-43F6-8D77-12AC99FC1052} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\2656C6B696E6534376 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 10.0.0.138
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\27262747B64786579637 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\27262747B64786579637 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\44560205F6F62747024556271637 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\44560205F6F62747024556271637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\44560205F6F6274702745756374737 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\44560205F6F6274702745756374737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\45162716260294E63747964757475602823656C6C6162792 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}\45162716260294E63747964757475602823656C6C6162792 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtD0A0FyE0DyBzzyCyEtD0BtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1004707416&q=
FF - component: c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\users\muki\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\muki\appdata\locallow\square enix\nprun3d.dll
FF - plugin: c:\users\muki\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\muki\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2012-10-07 02:12; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2012-10-22 10:54; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-10-23 16:47; {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
FF - ExtSQL: 2012-10-23 16:47; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2012-10-25 16:18; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2012-11-15 19:12; firefile@strebitzer.at; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\firefile@strebitzer.at.xpi
FF - ExtSQL: 2012-11-17 13:17; webmaster@keep-tube.com; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\webmaster@keep-tube.com.xpi
FF - ExtSQL: 2012-11-23 04:57; wrc@avast.com; c:\program files\alwil software\avast5\webrep\FF
FF - ExtSQL: 2012-11-24 15:31; ffxtlbr@funmoods.com; c:\users\muki\appdata\roaming\mozilla\firefox\profiles\bb3i2u7o.default\extensions\ffxtlbr@funmoods.com
FF - ExtSQL: !HIDDEN! 2010-01-28 21:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-12-29 21:00; quickstores@quickstores.de; c:\program files\mozilla firefox\extensions\quickstores@quickstores.de
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtD0A0FyE0DyBzzyCyEtD0BtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1004707416
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtD0A0FyE0DyBzzyCyEtD0BtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1004707416
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtD0A0FyE0DyBzzyCyEtD0BtN0D0Tzu0CtAtByBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1004707416&q=
FF - user.js: extensions.funmoods.id - 002170AF4D78640B
FF - user.js: extensions.funmoods.instlDay - 15667
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.225:46:36
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [2007-12-19 62488]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-3-20 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-5-4 73008]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-7 361032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 39640]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-2 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2012-11-24 32768]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\AEstSrv.exe [2010-1-28 81920]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2010-1-25 382232]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [2011-7-14 51072]
R2 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [2008-1-17 24635]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2010-1-25 133968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-7 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-25 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-11-22 44808]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2010-1-25 386328]
R2 MySQLa;MySQLa;"c:\mysql\bin\mysqld-nt" --defaults-file="c:\mysql\my.ini" mysqla --> c:\mysql\bin\mysqld-nt [?]
R2 OKI OPHN DCS Loader;OKI OPHN DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHNLDCS.EXE [2010-10-13 24576]
R2 PCloudd;PCloudd;c:\program files\iomega storage manager\pCloudd.exe [2011-2-17 206336]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-11-24 77816]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2012-11-24 587472]
R2 UsbClientService;UsbClientService;c:\program files\synology\assistant\UsbClientService.exe [2011-2-18 245760]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2011-2-18 46304]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-26 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-12-3 224384]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-3-20 99728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2011-9-12 12288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2010-5-14 384576]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2010-5-14 39488]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-10-21 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-12-22 13352]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-2 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-2 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-2 40552]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2011-2-5 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-22 14848]
S3 SscRdCls;SscRdCls;c:\windows\system32\drivers\SscRdCls.sys [2007-12-19 40984]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-22 49664]
S3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\drivers\vNICdrv.sys [2011-1-20 17464]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
.
=============== File Associations ===============
.
FileExt: .js: Applications\wordpad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-24 14:41:36 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-11-24 14:41:10 42864 ------w- c:\windows\system32\SBBD.EXE
2012-11-24 14:40:36 -------- d-----w- c:\program files\STOPzilla!
2012-11-24 14:40:33 -------- d-----w- c:\programdata\STOPzilla!
2012-11-24 10:28:20 -------- d-----w- c:\users\muki\appdata\roaming\SUPERAntiSpyware.com
2012-11-24 10:27:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-24 10:27:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-24 10:21:28 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-11-24 10:21:28 -------- d-----w- c:\users\muki\appdata\roaming\Spyware Terminator
2012-11-24 10:21:28 -------- d-----w- c:\programdata\Spyware Terminator
2012-11-24 10:20:22 -------- d-----w- c:\program files\Spyware Terminator
2012-11-24 09:55:26 388096 ----a-r- c:\users\muki\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-11-24 09:42:18 -------- d-----w- c:\users\muki\appdata\roaming\Malwarebytes
2012-11-24 09:42:03 -------- d-----w- c:\programdata\Malwarebytes
2012-11-24 09:42:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-24 09:42:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-24 09:37:11 -------- d-----w- c:\program files\Apache Group
2012-11-23 22:30:00 -------- d-----w- c:\users\muki\appdata\roaming\NCH Software
2012-11-23 22:30:00 -------- d-----w- c:\programdata\NCH Software
2012-11-22 20:57:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-22 17:13:18 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-22 17:13:15 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-22 17:13:11 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-22 17:13:10 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-22 17:13:03 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-22 17:12:49 37376 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-22 17:12:49 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-22 17:12:48 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-22 17:12:48 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-22 17:12:46 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-22 17:12:46 269312 ----a-w- c:\windows\system32\aaclient.dll
2012-11-22 17:12:44 221184 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-22 17:12:44 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-22 17:12:43 317440 ----a-w- c:\windows\system32\wksprt.exe
2012-11-22 17:12:42 1048064 ----a-w- c:\windows\system32\mstsc.exe
2012-11-22 17:12:41 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-22 17:12:38 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-11-22 17:11:17 247808 ----a-w- c:\windows\system32\schannel.dll
2012-11-22 17:11:16 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-22 17:11:16 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-22 17:11:15 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-22 17:11:15 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-22 17:11:03 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-11-17 16:29:21 -------- d-----w- c:\windows\system32\Adobe
2012-11-16 13:17:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-15 17:41:56 -------- d-----w- c:\users\muki\appdata\local\Geckofx
2012-11-15 17:41:45 -------- d-----w- c:\users\muki\appdata\local\Xenocode
2012-11-15 17:35:54 -------- d-----w- c:\users\muki\appdata\local\Skybound
2012-11-14 08:59:16 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 08:59:16 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 08:59:16 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 08:58:06 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 08:58:06 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 08:58:03 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 08:58:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-13 22:25:58 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-13 22:25:51 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-13 22:25:51 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-13 22:25:50 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-13 22:25:50 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-13 22:25:49 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-13 22:25:48 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-13 22:25:47 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-13 22:25:46 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-13 22:25:32 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 22:25:22 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-13 22:25:21 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-31 12:55:55 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-27 08:53:27 -------- d-----w- c:\program files\Tibetan Calendar
2012-10-26 14:09:06 -------- d-----w- c:\programdata\Synology
2012-10-26 14:08:39 -------- d-----w- c:\program files\Synology
.
==================== Find3M ====================
.
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-24 07:16:38 23416 ----a-r- c:\windows\system32\SZIO5.dll
2012-10-24 07:16:26 681848 ----a-r- c:\windows\system32\SZComp5.dll
2012-10-24 07:16:22 509816 ----a-r- c:\windows\system32\SZBase5.dll
2012-10-22 08:53:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-22 08:53:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-11 08:06:36 29048 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-10-11 08:06:36 231288 ----a-r- c:\windows\system32\IS3Win325.dll
2012-10-11 08:06:34 391032 ----a-r- c:\windows\system32\IS3UI5.dll
2012-10-11 08:06:32 100216 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-10-11 08:06:26 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-10-11 08:06:26 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-10-11 08:06:24 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-10-11 08:06:24 460664 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-10-11 08:06:22 817016 ----a-r- c:\windows\system32\IS3Base5.dll
2012-10-09 21:59:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 21:59:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-12 14:07:44 58368 ----a-w- c:\windows\system32\sirenacm.dll
2012-09-12 13:58:44 49664 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-09-12 13:57:44 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-09-08 12:27:06 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 12:27:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 16:14:59,04 ===============


#2 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 24 November 2012 - 11:21 AM

In addition, there is the Apache httpd service... taking 50% of the memory, and I can't kill the process.
Windows Defender can't be turned on, and it is also not possible to turn on the Windows Firewall.
I checked the COMODO firewall logs... and I installed a "media pack" that is probably the source of the problem...

Attached is the log from COMODO... the file is called tmpdc69.exe. Attached File: comodo_log.html

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 11:40 AM

Please do the following:

Download the appropriate version of the Farbar Recovery Scan Tool for your system and save it to a flash drive. (Choose the correct version depending on which operating system architecture you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 24 November 2012 - 12:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012
Ran by SYSTEM at 24-11-2012 17:55:04
Running from F:\
Windows 7 Ultimate (X86) OS Language: 041B
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6749512 2012-03-11] (COMODO)
HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13838952 2010-05-12] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [92776 2010-05-12] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-10-22] (RealNetworks, Inc.)
HKLM\...\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-11-09] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3673808 2012-11-09] (Crawler.com)
HKU\Muki\...\Run: [Google Update] "C:\Users\Muki\AppData\Local\Google\Update\GoogleUpdate.exe" /c [133104 2009-05-01] (Google Inc.)
HKU\Muki\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\Muki\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4763008 2012-11-24] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
AppInit_DLLs: C:\Windows\system32\guard32.dll
Tcpip\..\Interfaces\{E3F8F9CC-EF85-43F6-8D77-12AC99FC1052}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{FF383397-824C-4DD0-9985-32A9AF756BEA}: [NameServer]8.26.56.26,156.154.70.22

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-11] (SUPERAntiSpyware.com)
2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.)
2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-04-19] (Intel Corporation)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [386328 2008-06-03] (Dell Inc.)
2 Capture Device Service; "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe" [198168 2007-03-06] (InterVideo Inc.)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [1983232 2012-03-11] (COMODO)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-10-30] (Mozilla Foundation)
2 OKI OPHN DCS Loader; C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHNLDCS.EXE [24576 2008-11-13] (Oki Data Corporation)
2 PCloudd; C:\Program Files\Iomega Storage Manager\pCloudd.exe [206336 2011-02-17] (Iomega Corp)
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [0 2008-10-02] ()
3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [69718 2005-08-30] (Sony Corporation)
2 ST2012_Svc; "C:\Program Files\Spyware Terminator\st_rsser.exe" [587472 2012-11-09] (Crawler.com)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [229458 2010-03-09] (IDT, Inc.)
2 UsbClientService; C:\Program Files\Synology\Assistant\UsbClientService.exe [245760 2011-02-18] ()
3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [x]

==================== Drivers (Whitelisted) ====================

3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-14] (Microsoft Corporation)
2 Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS [51072 2011-07-14] (Identcode Ltd.)
3 AsfAlrt; \??\C:\Windows\system32\Drivers\AsfAlrt.sys [42832 2007-04-19] (Intel Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
3 AteksoftAudio; C:\Windows\System32\drivers\ateksoftaudio.sys [12288 2009-07-26] (Ateksoft)
3 Bcim; C:\Windows\System32\DRIVERS\bcim.sys [226560 2009-11-05] ()
3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [384576 2009-10-30] (BEHRINGER)
3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [39488 2009-10-30] (BEHRINGER)
3 busenum; C:\Windows\System32\DRIVERS\busenum.sys [46304 2011-02-18] (Windows ® Win 7 DDK provider)
1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [491816 2012-03-11] ()
1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [39640 2012-03-11] (COMODO)
3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82400 2011-12-19] (COMODO)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows ® Codename Longhorn DDK provider)
3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
2 MySQLa; "C:\mysql\bin\mysqld-nt" --defaults-file="C:\mysql\my.ini" MySQLa [8854 2009-04-29] ()
3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.)
3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [13704 2010-08-25] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-06-03] (Duplex Secure Ltd.)
1 sp_rsdrv2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] ()
0 SscRdBus; C:\Windows\System32\DRIVERS\SscRdBus.sys [62488 2007-12-19] (SuperSpeed LLC)
3 SscRdCls; C:\Windows\system32\DRIVERS\SscRdCls.sys [40984 2007-12-19] (SuperSpeed LLC)
3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [17464 2011-01-20] (Iomega Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
3 CCIDFILTER; [x]
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [x]
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-24 17:51 - 2012-11-24 17:51 - 00000000 ____D C:\apache - kópia
2012-11-24 17:50 - 2012-11-24 17:51 - 23405361 ____A C:\Users\Muki\Downloads\php-5.4.9-Win32-VC9-x86.zip
2012-11-24 17:45 - 2012-11-24 17:46 - 00907994 ____A (Farbar) C:\Users\Muki\Downloads\FRST.exe
2012-11-24 17:42 - 2012-11-24 17:43 - 11156354 ____A C:\Users\Muki\Downloads\httpd-2.4.3-win32-ssl_0.9.8.zip
2012-11-24 17:42 - 2012-11-24 17:43 - 04995416 ____A (Microsoft Corporation) C:\Users\Muki\Downloads\vcredist_x86.exe
2012-11-24 17:36 - 2012-11-24 17:36 - 00000000 ____D C:\Users\Muki\Desktop\conf
2012-11-24 17:15 - 2012-11-24 17:15 - 00042768 ____A C:\Users\Muki\Desktop\comodo_log.html
2012-11-24 17:02 - 2012-11-24 17:02 - 00007940 ____A C:\Windows\setupact.log
2012-11-24 17:02 - 2012-11-24 17:02 - 00000000 ____A C:\Windows\setuperr.log
2012-11-24 17:01 - 2012-11-24 17:01 - 00000310 ____A C:\Windows\PFRO.log
2012-11-24 16:59 - 2012-11-24 16:59 - 06360576 ____A C:\Users\Muki\Downloads\httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
2012-11-24 16:43 - 2012-11-24 16:43 - 00050688 ____A (Atribune.org) C:\Users\Muki\Downloads\ATF-Cleaner.exe
2012-11-24 16:33 - 2012-11-24 16:33 - 00000000 ____D C:\Users\Muki\AppData\Roaming\KillProcess
2012-11-24 16:31 - 2012-11-24 16:31 - 01906954 ____A C:\Users\Muki\Downloads\KillProcessSetup.exe
2012-11-24 16:31 - 2012-11-24 16:31 - 00001003 ____A C:\Users\Muki\Desktop\KillProcess.lnk
2012-11-24 16:31 - 2012-11-24 16:31 - 00000000 ____D C:\Program Files\KillProcess
2012-11-24 16:30 - 2012-11-24 16:30 - 00614264 ____A C:\Users\Muki\Downloads\cbsidlm-tr1_8-KillProcess-ORG2-10497771.exe
2012-11-24 16:24 - 2012-11-24 16:24 - 00002249 ____A C:\Users\Muki\Desktop\Chrome.lnk
2012-11-24 16:15 - 2012-11-24 16:17 - 00019640 ____A C:\Users\Muki\Desktop\attach.txt
2012-11-24 16:15 - 2012-11-24 16:14 - 00031521 ____A C:\Users\Muki\Desktop\dds.txt
2012-11-24 16:00 - 2012-11-24 16:01 - 00688992 ____R (Swearware) C:\Users\Muki\Desktop\dds.com
2012-11-24 15:46 - 2012-11-24 15:47 - 04732416 ____A (AVAST Software) C:\Users\Muki\Desktop\aswMBR.exe
2012-11-24 15:46 - 2012-11-24 15:46 - 05005971 ____A (Swearware) C:\Users\Muki\Desktop\ComboFix.exe
2012-11-24 15:45 - 2012-11-24 15:45 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Muki\Desktop\tdsskiller.exe
2012-11-24 15:38 - 2012-11-24 15:38 - 00707664 ____A (iS3, Inc.) C:\Users\Muki\Downloads\SZSetup_AID10121_AV(1).exe
2012-11-24 15:37 - 2012-11-24 15:38 - 00707664 ____A (iS3, Inc.) C:\Users\Muki\Downloads\SZSetup_AID10121_AV.exe
2012-11-24 15:22 - 2012-11-24 15:22 - 01140848 ____A (TGMDev ) C:\Users\Muki\Downloads\KillProcess31_Setup.exe
2012-11-24 11:28 - 2012-11-24 14:22 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5c4dd828-6a1c-4900-ad42-3bc50618f591.job
2012-11-24 11:28 - 2012-11-24 14:22 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 519070b7-bf12-46b2-8532-51cd5397004f.job
2012-11-24 11:28 - 2012-11-24 11:28 - 00000000 ____D C:\Users\Muki\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 11:27 - 2012-11-24 11:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 11:27 - 2012-11-24 11:27 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Muki\Downloads\SUPERAntiSpyware (1).exe
2012-11-24 11:27 - 2012-11-24 11:27 - 00001963 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 11:27 - 2012-11-24 11:27 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 11:21 - 2012-11-24 16:09 - 00000000 ____D C:\Users\All Users\Spyware Terminator
2012-11-24 11:21 - 2012-11-24 11:21 - 00001010 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2012-11-24 11:21 - 2012-11-24 11:21 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Spyware Terminator
2012-11-24 11:21 - 2011-06-21 11:24 - 00032768 ____A C:\Windows\System32\Drivers\sp_rsdrv2.sys
2012-11-24 11:20 - 2012-11-24 11:21 - 00000000 ____D C:\Program Files\Spyware Terminator
2012-11-24 11:17 - 2012-11-24 11:20 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Muki\Downloads\SUPERAntiSpyware.exe
2012-11-24 11:17 - 2012-11-24 11:17 - 00937232 ____A (Crawler.com ) C:\Users\Muki\Downloads\SpywareTerminatorSetup (1).exe
2012-11-24 11:15 - 2012-11-24 11:15 - 00937232 ____A (Crawler.com ) C:\Users\Muki\Downloads\SpywareTerminatorSetup.exe
2012-11-24 10:57 - 2012-11-24 10:57 - 00011113 ____A C:\Users\Muki\Desktop\hijackthis.log
2012-11-24 10:55 - 2012-11-24 10:55 - 01402880 ____A C:\Users\Muki\Downloads\HiJackThis (1).msi
2012-11-24 10:55 - 2012-11-24 10:55 - 00002959 ____A C:\Users\Muki\Desktop\HiJackThis.lnk
2012-11-24 10:54 - 2012-11-24 10:54 - 01402880 ____A C:\Users\Muki\Downloads\HiJackThis.msi
2012-11-24 10:45 - 2012-11-24 10:45 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-24 10:42 - 2012-11-24 10:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-24 10:42 - 2012-11-24 10:42 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-11-24 10:42 - 2012-11-24 10:42 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Malwarebytes
2012-11-24 10:42 - 2012-11-24 10:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-24 10:42 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-24 10:39 - 2012-11-24 10:40 - 09435312 ____A (Malwarebytes Corporation ) C:\Users\Muki\Downloads\mbam-setup-1.51.0.1200.exe
2012-11-24 10:37 - 2012-11-24 10:37 - 00000000 ____D C:\Program Files\Apache Group
2012-11-24 10:34 - 2012-11-24 10:34 - 05740032 ____A C:\Users\Muki\Downloads\httpd-2.0.64-win32-x86-openssl-0.9.8o.msi
2012-11-23 23:30 - 2012-11-23 23:30 - 00000000 ____D C:\Users\Muki\AppData\Roaming\NCH Software
2012-11-23 23:30 - 2012-11-23 23:30 - 00000000 ____D C:\Users\All Users\NCH Software
2012-11-23 05:47 - 2012-11-24 16:31 - 00000000 ____D C:\Users\Muki\Documents\KillProcess Kill Lists
2012-11-23 05:46 - 2012-11-23 05:46 - 04590392 ____A (PC Cleaners) C:\Users\Muki\Downloads\PC_Cleaner_Pro.exe
2012-11-22 22:23 - 2012-11-22 22:40 - 280573952 ____A C:\Users\Muki\Downloads\South.Park.S16E14.720p.HDTV.x264-IMMERSE_arc.avi
2012-11-22 21:57 - 2012-10-15 17:59 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-11-22 18:13 - 2012-08-23 15:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-22 18:13 - 2012-08-23 15:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-22 18:13 - 2012-08-23 15:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-22 18:13 - 2012-08-23 15:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-22 18:13 - 2012-08-23 14:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-22 18:12 - 2012-08-23 15:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-22 18:12 - 2012-08-23 14:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-22 18:12 - 2012-08-23 14:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-22 18:12 - 2012-08-23 14:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-22 18:12 - 2012-08-23 14:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-22 18:12 - 2012-08-23 12:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-22 18:12 - 2012-08-23 12:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-22 18:12 - 2012-08-23 12:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-22 18:12 - 2012-08-23 12:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-22 18:12 - 2012-08-23 11:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-22 18:12 - 2012-08-23 11:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-22 18:12 - 2012-08-23 09:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-22 18:11 - 2012-08-24 18:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-22 18:11 - 2012-08-24 18:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-22 18:11 - 2012-08-24 17:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-22 18:11 - 2012-08-24 17:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-22 18:11 - 2012-08-24 17:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-22 18:11 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-11-22 09:27 - 2012-11-22 09:27 - 00000000 ____D C:\Users\Muki\Desktop\movies tibet
2012-11-17 17:29 - 2012-11-17 17:29 - 00000000 ____D C:\Windows\System32\Adobe
2012-11-16 14:17 - 2012-09-24 23:16 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-16 14:17 - 2012-09-24 23:08 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-16 14:17 - 2012-09-24 23:07 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-16 14:16 - 2012-11-16 14:17 - 00004107 ____A C:\Windows\System32\jupdate-1.7.0_09-b05.log
2012-11-15 18:41 - 2012-11-15 18:41 - 00000000 ____D C:\Users\Muki\AppData\Local\Xenocode
2012-11-15 18:35 - 2012-11-15 18:35 - 00000000 ____D C:\Users\Muki\AppData\Local\Skybound
2012-11-15 14:53 - 2012-11-17 22:24 - 00000000 ____D C:\Users\Muki\Desktop\udwebsite implement
2012-11-15 14:44 - 2012-11-18 13:22 - 07502140 ____A C:\Users\Muki\Desktop\TarabMenueChange.psd
2012-11-14 09:59 - 2012-07-26 04:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 09:59 - 2012-07-26 04:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 09:59 - 2012-07-26 03:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 09:59 - 2012-06-02 15:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 09:58 - 2012-07-26 04:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 09:58 - 2012-07-26 04:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 09:58 - 2012-07-26 03:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 09:58 - 2012-07-26 03:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 09:57 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 09:57 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 09:57 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 09:57 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 09:57 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 09:57 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 09:57 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 09:57 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 09:57 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 09:57 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 09:57 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 09:57 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 09:57 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 09:57 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 09:57 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 09:57 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 09:57 - 2012-07-26 04:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 09:57 - 2012-07-26 04:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 09:57 - 2012-07-26 04:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 09:57 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-13 23:25 - 2012-10-18 18:59 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 23:25 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-13 23:25 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-13 23:25 - 2012-10-03 17:58 - 01293680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-13 23:25 - 2012-10-03 17:42 - 00242176 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-13 23:25 - 2012-10-03 17:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-13 23:25 - 2012-10-03 17:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-13 23:25 - 2012-10-03 17:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-13 23:25 - 2012-10-03 17:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-13 23:25 - 2012-10-03 17:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-13 23:25 - 2012-10-03 16:21 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-13 23:25 - 2012-09-25 23:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-11 23:37 - 2012-11-11 23:37 - 00000000 ____D C:\Users\Public\Recorded TV
2012-11-11 13:49 - 2012-11-24 11:32 - 00000000 ____D C:\Users\Muki\Downloads\ANGLICTINA DO UCHA - COPY
2012-11-06 18:49 - 2012-11-23 15:29 - 00000000 ____D C:\Users\Muki\Desktop\scriptures
2012-11-06 12:54 - 2012-11-06 12:55 - 00000000 ____D C:\Users\Muki\Desktop\Tibetske slovniky
2012-11-02 17:04 - 2012-11-02 17:04 - 00020992 ____A C:\Users\Muki\Downloads\UD - Events.xls
2012-11-01 00:45 - 2012-11-01 00:45 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-01 00:45 - 2012-11-01 00:45 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-01 00:44 - 2012-11-01 00:44 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-01 00:44 - 2012-11-01 00:44 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-31 13:55 - 2012-08-21 13:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-10-31 13:51 - 2012-10-31 13:51 - 00000000 ____D C:\Program Files\Apple Software Update
2012-10-30 22:44 - 2012-10-30 22:45 - 00000000 ____D C:\Users\Muki\AppData\Roaming\dvdcss
2012-10-30 21:07 - 2012-11-22 11:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-30 15:52 - 2012-10-31 14:35 - 00000000 ____D C:\Users\Muki\Desktop\1998, 01, Munich, TTR, W2
2012-10-30 08:11 - 2012-10-30 08:11 - 00057539 ____A C:\Users\Muki\AppData\Roaming\Doxillion.dmp
2012-10-29 23:47 - 2012-10-29 23:47 - 00000000 ____D C:\Users\Muki\Desktop\dhammadipa
2012-10-27 09:53 - 2012-10-27 09:53 - 00000000 ____D C:\Program Files\Tibetan Calendar
2012-10-26 15:09 - 2012-10-26 15:09 - 00000000 ____D C:\Users\All Users\Synology
2012-10-26 15:08 - 2012-10-26 15:08 - 00000000 ____D C:\Program Files\Synology
2012-10-26 09:26 - 2012-10-26 09:26 - 00577536 ____A C:\Users\Muki\Downloads\dictionary JB.xls
2012-10-26 08:06 - 2012-10-26 08:06 - 00001068 ____A C:\Users\Public\Desktop\Express Scribe.lnk
2012-10-25 12:35 - 2012-11-04 18:56 - 00000000 ___RD C:\Users\Muki\Dropbox
2012-10-25 12:29 - 2012-11-24 09:17 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Dropbox


==================== One Month Modified Files and Folders ========

2012-11-24 17:54 - 2012-11-24 17:54 - 00000000 ____D C:\FRST
2012-11-24 17:51 - 2012-11-24 17:51 - 00000000 ____D C:\apache - kópia
2012-11-24 17:51 - 2012-11-24 17:50 - 23405361 ____A C:\Users\Muki\Downloads\php-5.4.9-Win32-VC9-x86.zip
2012-11-24 17:49 - 2010-01-28 22:33 - 00736922 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-24 17:46 - 2012-11-24 17:45 - 00907994 ____A (Farbar) C:\Users\Muki\Downloads\FRST.exe
2012-11-24 17:43 - 2012-11-24 17:42 - 11156354 ____A C:\Users\Muki\Downloads\httpd-2.4.3-win32-ssl_0.9.8.zip
2012-11-24 17:43 - 2012-11-24 17:42 - 04995416 ____A (Microsoft Corporation) C:\Users\Muki\Downloads\vcredist_x86.exe
2012-11-24 17:43 - 2010-05-10 14:45 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-24 17:40 - 2009-04-29 08:46 - 00000000 ____D C:\apache
2012-11-24 17:36 - 2012-11-24 17:36 - 00000000 ____D C:\Users\Muki\Desktop\conf
2012-11-24 17:24 - 2011-02-16 17:33 - 00007600 ____A C:\Users\Muki\AppData\Local\resmon.resmoncfg
2012-11-24 17:15 - 2012-11-24 17:15 - 00042768 ____A C:\Users\Muki\Desktop\comodo_log.html
2012-11-24 17:13 - 2010-01-28 21:31 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-24 17:13 - 2010-01-28 21:31 - 00010512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-24 17:08 - 2010-02-25 07:56 - 00000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909993876-2207161717-92866128-1000UA1cab5e7a8b3c243.job
2012-11-24 17:02 - 2012-11-24 17:02 - 00007940 ____A C:\Windows\setupact.log
2012-11-24 17:02 - 2012-11-24 17:02 - 00000000 ____A C:\Windows\setuperr.log
2012-11-24 17:02 - 2010-05-10 14:45 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-24 17:02 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-24 17:02 - 2009-06-03 08:48 - 00000416 ____A C:\Windows\Tasks\PCConfidential.job
2012-11-24 17:01 - 2012-11-24 17:01 - 00000310 ____A C:\Windows\PFRO.log
2012-11-24 17:00 - 2009-06-30 21:42 - 00001018 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909993876-2207161717-92866128-1000UA.job
2012-11-24 16:59 - 2012-11-24 16:59 - 06360576 ____A C:\Users\Muki\Downloads\httpd-2.2.22-win32-x86-openssl-0.9.8t.msi
2012-11-24 16:59 - 2012-08-16 12:57 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-24 16:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-24 16:43 - 2012-11-24 16:43 - 00050688 ____A (Atribune.org) C:\Users\Muki\Downloads\ATF-Cleaner.exe
2012-11-24 16:33 - 2012-11-24 16:33 - 00000000 ____D C:\Users\Muki\AppData\Roaming\KillProcess
2012-11-24 16:31 - 2012-11-24 16:31 - 01906954 ____A C:\Users\Muki\Downloads\KillProcessSetup.exe
2012-11-24 16:31 - 2012-11-24 16:31 - 00001003 ____A C:\Users\Muki\Desktop\KillProcess.lnk
2012-11-24 16:31 - 2012-11-24 16:31 - 00000000 ____D C:\Program Files\KillProcess
2012-11-24 16:31 - 2012-11-23 05:47 - 00000000 ____D C:\Users\Muki\Documents\KillProcess Kill Lists
2012-11-24 16:30 - 2012-11-24 16:30 - 00614264 ____A C:\Users\Muki\Downloads\cbsidlm-tr1_8-KillProcess-ORG2-10497771.exe
2012-11-24 16:24 - 2012-11-24 16:24 - 00002249 ____A C:\Users\Muki\Desktop\Chrome.lnk
2012-11-24 16:24 - 2010-01-25 10:58 - 00000000 ____D C:\Program Files\Google
2012-11-24 16:17 - 2012-11-24 16:15 - 00019640 ____A C:\Users\Muki\Desktop\attach.txt
2012-11-24 16:14 - 2012-11-24 16:15 - 00031521 ____A C:\Users\Muki\Desktop\dds.txt
2012-11-24 16:09 - 2012-11-24 11:21 - 00000000 ____D C:\Users\All Users\Spyware Terminator
2012-11-24 16:01 - 2012-11-24 16:00 - 00688992 ____R (Swearware) C:\Users\Muki\Desktop\dds.com
2012-11-24 15:47 - 2012-11-24 15:46 - 04732416 ____A (AVAST Software) C:\Users\Muki\Desktop\aswMBR.exe
2012-11-24 15:46 - 2012-11-24 15:46 - 05005971 ____A (Swearware) C:\Users\Muki\Desktop\ComboFix.exe
2012-11-24 15:45 - 2012-11-24 15:45 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Muki\Desktop\tdsskiller.exe
2012-11-24 15:38 - 2012-11-24 15:38 - 00707664 ____A (iS3, Inc.) C:\Users\Muki\Downloads\SZSetup_AID10121_AV(1).exe
2012-11-24 15:38 - 2012-11-24 15:37 - 00707664 ____A (iS3, Inc.) C:\Users\Muki\Downloads\SZSetup_AID10121_AV.exe
2012-11-24 15:22 - 2012-11-24 15:22 - 01140848 ____A (TGMDev ) C:\Users\Muki\Downloads\KillProcess31_Setup.exe
2012-11-24 14:57 - 2009-06-30 21:42 - 00000966 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909993876-2207161717-92866128-1000Core.job
2012-11-24 14:22 - 2012-11-24 11:28 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5c4dd828-6a1c-4900-ad42-3bc50618f591.job
2012-11-24 14:22 - 2012-11-24 11:28 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 519070b7-bf12-46b2-8532-51cd5397004f.job
2012-11-24 11:32 - 2012-11-11 13:49 - 00000000 ____D C:\Users\Muki\Downloads\ANGLICTINA DO UCHA - COPY
2012-11-24 11:32 - 2010-12-23 13:05 - 00000000 ____D C:\Users\Muki\AppData\Roaming\uTorrent
2012-11-24 11:30 - 2012-11-24 11:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 11:28 - 2012-11-24 11:28 - 00000000 ____D C:\Users\Muki\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 11:27 - 2012-11-24 11:27 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Muki\Downloads\SUPERAntiSpyware (1).exe
2012-11-24 11:27 - 2012-11-24 11:27 - 00001963 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 11:27 - 2012-11-24 11:27 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 11:21 - 2012-11-24 11:21 - 00001010 ____A C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
2012-11-24 11:21 - 2012-11-24 11:21 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Spyware Terminator
2012-11-24 11:21 - 2012-11-24 11:20 - 00000000 ____D C:\Program Files\Spyware Terminator
2012-11-24 11:20 - 2012-11-24 11:17 - 21492072 ____A (SUPERAntiSpyware.com) C:\Users\Muki\Downloads\SUPERAntiSpyware.exe
2012-11-24 11:17 - 2012-11-24 11:17 - 00937232 ____A (Crawler.com ) C:\Users\Muki\Downloads\SpywareTerminatorSetup (1).exe
2012-11-24 11:15 - 2012-11-24 11:15 - 00937232 ____A (Crawler.com ) C:\Users\Muki\Downloads\SpywareTerminatorSetup.exe
2012-11-24 11:08 - 2010-02-25 07:56 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909993876-2207161717-92866128-1000Core1cab5e7a8886be1.job
2012-11-24 10:57 - 2012-11-24 10:57 - 00011113 ____A C:\Users\Muki\Desktop\hijackthis.log
2012-11-24 10:55 - 2012-11-24 10:55 - 01402880 ____A C:\Users\Muki\Downloads\HiJackThis (1).msi
2012-11-24 10:55 - 2012-11-24 10:55 - 00002959 ____A C:\Users\Muki\Desktop\HiJackThis.lnk
2012-11-24 10:54 - 2012-11-24 10:54 - 01402880 ____A C:\Users\Muki\Downloads\HiJackThis.msi
2012-11-24 10:45 - 2012-11-24 10:45 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-24 10:45 - 2012-11-24 10:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-24 10:42 - 2012-11-24 10:42 - 00000349 ____A C:\Users\Public\Documents\PCLECHAL.INI
2012-11-24 10:42 - 2012-11-24 10:42 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Malwarebytes
2012-11-24 10:42 - 2012-11-24 10:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-24 10:42 - 2011-02-27 18:06 - 00000000 ____D C:\Users\Public\Documents\Pinnacle
2012-11-24 10:40 - 2012-11-24 10:39 - 09435312 ____A (Malwarebytes Corporation ) C:\Users\Muki\Downloads\mbam-setup-1.51.0.1200.exe
2012-11-24 10:37 - 2012-11-24 10:37 - 00000000 ____D C:\Program Files\Apache Group
2012-11-24 10:34 - 2012-11-24 10:34 - 05740032 ____A C:\Users\Muki\Downloads\httpd-2.0.64-win32-x86-openssl-0.9.8o.msi
2012-11-24 09:17 - 2012-10-25 12:29 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Dropbox
2012-11-23 23:30 - 2012-11-23 23:30 - 00000000 ____D C:\Users\Muki\AppData\Roaming\NCH Software
2012-11-23 23:30 - 2012-11-23 23:30 - 00000000 ____D C:\Users\All Users\NCH Software
2012-11-23 22:55 - 2010-01-26 11:32 - 00000000 ___RD C:\Users\Muki\Desktop\Shortcuts
2012-11-23 19:22 - 2010-01-28 21:32 - 00000000 ____D C:\users\Muki
2012-11-23 19:22 - 2010-01-25 10:38 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Apple Computer
2012-11-23 19:21 - 2010-01-25 13:26 - 00000000 ____D C:\Users\All Users\Dell
2012-11-23 19:15 - 2010-04-11 19:29 - 00000000 ____D C:\Program Files\NCH Software
2012-11-23 19:10 - 2010-10-13 11:53 - 00000000 ____D C:\Program Files\Okidata
2012-11-23 19:10 - 2010-01-25 11:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-11-23 15:31 - 2010-01-25 10:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-11-23 15:29 - 2012-11-06 18:49 - 00000000 ____D C:\Users\Muki\Desktop\scriptures
2012-11-23 15:28 - 2010-01-26 11:30 - 00000000 ___RD C:\Users\Muki\Desktop\UD
2012-11-23 08:44 - 2010-01-28 22:24 - 00000450 _RASH C:\Users\All Users\ntuser.pol
2012-11-23 08:36 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Performance
2012-11-23 06:30 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2012-11-23 05:46 - 2012-11-23 05:46 - 04590392 ____A (PC Cleaners) C:\Users\Muki\Downloads\PC_Cleaner_Pro.exe
2012-11-23 03:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK
2012-11-23 03:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-11-22 22:40 - 2012-11-22 22:23 - 280573952 ____A C:\Users\Muki\Downloads\South.Park.S16E14.720p.HDTV.x264-IMMERSE_arc.avi
2012-11-22 22:10 - 2010-01-25 10:41 - 00000000 ____D C:\Users\Muki\Tracing
2012-11-22 21:57 - 2009-07-14 03:04 - 00002620 ____A C:\Windows\System32\config.nt
2012-11-22 21:42 - 2010-01-25 10:37 - 00000000 ____D C:\Users\Muki\AppData\Roaming\FileZilla
2012-11-22 21:11 - 2010-10-22 20:02 - 00000000 ____D C:\Users\Muki\AppData\Local\Windows Live
2012-11-22 11:24 - 2012-10-30 21:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-22 09:27 - 2012-11-22 09:27 - 00000000 ____D C:\Users\Muki\Desktop\movies tibet
2012-11-22 09:26 - 2012-07-07 12:40 - 00000000 ____D C:\Users\Muki\Desktop\plocha
2012-11-22 00:13 - 2010-01-25 10:38 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Skype
2012-11-22 00:06 - 2009-05-07 16:39 - 00015136 ____A C:\Windows\System32\BIN_STRSBW.SPT
2012-11-22 00:05 - 2010-01-25 11:26 - 00000000 ____D C:\Program Files\CCleaner
2012-11-21 12:13 - 2011-09-20 12:46 - 02721792 __ASH C:\Users\Muki\Desktop\Thumbs.db
2012-11-21 10:41 - 2012-10-20 11:45 - 00000000 ___SD C:\Users\Muki\Disk Google
2012-11-20 15:00 - 2009-10-14 20:08 - 00000452 ____A C:\Windows\Tasks\PC Optimizer Pro.job
2012-11-20 10:57 - 2009-04-29 08:49 - 00000000 ____D C:\server_root
2012-11-20 10:51 - 2010-01-25 10:38 - 00000000 ____D C:\Users\Muki\AppData\Roaming\MySQL
2012-11-19 20:44 - 2011-01-08 12:34 - 00000000 ____D C:\Users\Muki\AppData\Roaming\vlc
2012-11-18 13:22 - 2012-11-15 14:44 - 07502140 ____A C:\Users\Muki\Desktop\TarabMenueChange.psd
2012-11-17 22:24 - 2012-11-15 14:53 - 00000000 ____D C:\Users\Muki\Desktop\udwebsite implement
2012-11-17 17:29 - 2012-11-17 17:29 - 00000000 ____D C:\Windows\System32\Adobe
2012-11-16 14:17 - 2012-11-16 14:16 - 00004107 ____A C:\Windows\System32\jupdate-1.7.0_09-b05.log
2012-11-16 14:17 - 2010-01-25 10:55 - 00000000 ____D C:\Program Files\Java
2012-11-16 12:57 - 2010-01-25 10:37 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Adobe
2012-11-15 18:41 - 2012-11-15 18:41 - 00000000 ____D C:\Users\Muki\AppData\Local\Xenocode
2012-11-15 18:35 - 2012-11-15 18:35 - 00000000 ____D C:\Users\Muki\AppData\Local\Skybound
2012-11-15 17:14 - 2011-03-11 20:00 - 00000000 ____D C:\Users\Muki\AppData\Local\PMB Files
2012-11-15 17:13 - 2011-03-11 20:00 - 00000000 ____D C:\Users\All Users\PMB Files
2012-11-15 16:20 - 2009-08-25 10:45 - 00000564 ____A C:\Windows\WORDPAD.INI
2012-11-14 11:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-14 10:43 - 2009-07-14 05:33 - 04606712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 10:00 - 2010-02-15 15:06 - 64010424 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-12 22:36 - 2012-10-24 22:33 - 00000000 ____D C:\Users\Muki\Documents\My Received Files
2012-11-11 23:37 - 2012-11-11 23:37 - 00000000 ____D C:\Users\Public\Recorded TV
2012-11-11 23:37 - 2009-07-14 03:37 - 00000000 ___RD C:\users\Public
2012-11-06 12:55 - 2012-11-06 12:54 - 00000000 ____D C:\Users\Muki\Desktop\Tibetske slovniky
2012-11-04 19:01 - 2010-10-14 23:32 - 00000000 ____D C:\Windows\pss
2012-11-04 18:56 - 2012-10-25 12:35 - 00000000 ___RD C:\Users\Muki\Dropbox
2012-11-04 18:53 - 2012-10-23 15:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-11-02 17:04 - 2012-11-02 17:04 - 00020992 ____A C:\Users\Muki\Downloads\UD - Events.xls
2012-11-02 09:29 - 2010-01-25 10:38 - 00000000 ____D C:\Users\Muki\AppData\Roaming\Mozilla
2012-11-01 00:45 - 2012-11-01 00:45 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-01 00:45 - 2012-11-01 00:45 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-01 00:44 - 2012-11-01 00:44 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-01 00:44 - 2012-11-01 00:44 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-31 14:35 - 2012-10-30 15:52 - 00000000 ____D C:\Users\Muki\Desktop\1998, 01, Munich, TTR, W2
2012-10-31 13:54 - 2010-01-25 13:26 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-10-31 13:51 - 2012-10-31 13:51 - 00000000 ____D C:\Program Files\Apple Software Update
2012-10-30 23:51 - 2011-05-13 16:38 - 00738504 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-30 23:51 - 2010-07-13 19:37 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-30 23:51 - 2010-01-25 11:25 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-30 23:51 - 2009-05-07 16:39 - 00361032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-30 23:51 - 2009-05-07 16:39 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-30 23:51 - 2009-05-07 16:39 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-30 23:50 - 2009-05-07 16:39 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-30 22:45 - 2012-10-30 22:44 - 00000000 ____D C:\Users\Muki\AppData\Roaming\dvdcss
2012-10-30 08:11 - 2012-10-30 08:11 - 00057539 ____A C:\Users\Muki\AppData\Roaming\Doxillion.dmp
2012-10-29 23:47 - 2012-10-29 23:47 - 00000000 ____D C:\Users\Muki\Desktop\dhammadipa
2012-10-27 11:45 - 2010-01-25 11:27 - 00000000 ____D C:\Program Files\Bonjour
2012-10-27 09:53 - 2012-10-27 09:53 - 00000000 ____D C:\Program Files\Tibetan Calendar
2012-10-26 15:09 - 2012-10-26 15:09 - 00000000 ____D C:\Users\All Users\Synology
2012-10-26 15:08 - 2012-10-26 15:08 - 00000000 ____D C:\Program Files\Synology
2012-10-26 09:26 - 2012-10-26 09:26 - 00577536 ____A C:\Users\Muki\Downloads\dictionary JB.xls
2012-10-26 08:06 - 2012-10-26 08:06 - 00001068 ____A C:\Users\Public\Desktop\Express Scribe.lnk
2012-10-25 15:24 - 2010-04-27 22:09 - 00000000 ____D C:\Users\All Users\DivX
2012-10-25 15:18 - 2010-01-25 11:19 - 00000000 ____D C:\Program Files\DivX
2012-10-25 15:17 - 2010-01-25 10:49 - 00000000 ____D C:\Program Files\Common Files\DivX Shared

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-24 10:36:54
Restore point made on: 2012-11-24 10:48:57
Restore point made on: 2012-11-24 10:55:11
Restore point made on: 2012-11-24 15:39:44
Restore point made on: 2012-11-24 16:40:33
Restore point made on: 2012-11-24 17:37:41

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4083.91 MB
Available physical RAM: 3597.32 MB
Total Pagefile: 4082.19 MB
Available Pagefile: 3599.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:101.66 GB) (Free:28.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:5.26 GB) (Free:0.55 GB) NTFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:1.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 111 GB 1024 KB
Disk 1 Online 3835 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 133 MB 31 KB
Partition 2 Primary 5382 MB 134 MB
Partition 0 Extended 4857 MB 5516 MB
Partition 4 Logical 4592 MB 5517 MB
Partition 5 Logical 264 MB 9 GB
Partition 3 Primary 101 GB 10 GB

=========================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 133 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 5382 MB Healthy

=========================================================

Disk: 0
Partition 4
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 5
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 101 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3827 MB Healthy

=========================================================

Last Boot: 2012-11-15 21:30

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-11-24 18:08:05
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

Attached Files
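The "Bamital & volsnap Check" and "Search: services.exe" sections of the FRST log above both reduce to one test: does the MD5 of the live system binary still equal that of the servicing copy kept in WinSxS (on Windows 7 the System32 file is normally a hard link to that copy, so a replaced file breaks the match). The PowerShell below is added here as an illustration; it is not part of FRST or of any post in the thread. It repeats that comparison for the same eight files, assumes an elevated prompt on the machine being examined, and uses .NET hashing directly so it also runs on the PowerShell 2 that shipped with Windows 7.

```powershell
# Added example: integrity check modelled on FRST's "Bamital & volsnap Check".
# Assumes an elevated PowerShell prompt (PowerShell 2 or later) on the machine
# being examined; the file list is the one FRST printed in the log above.

function Get-Md5Hex {
    # MD5 of a file as an upper-case hex string, computed with .NET directly
    # because Get-FileHash does not exist on PowerShell 2.
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-WinSxSMatch {
    # Compares the live file's hash with every copy of the same file name in
    # the component store and reports whether at least one copy matches.
    # Walking winsxs recursively can take a minute or two; that is expected.
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        return New-Object PSObject -Property @{ File = $Path; Md5 = $null; Status = 'MISSING' }
    }
    $live   = Get-Md5Hex $Path
    $name   = [System.IO.Path]::GetFileName($Path)
    $copies = Get-ChildItem "$env:SystemRoot\winsxs" -Recurse -Filter $name -ErrorAction SilentlyContinue
    $status = 'NO matching WinSxS copy - inspect this file'
    foreach ($copy in $copies) {
        if ((Get-Md5Hex $copy.FullName) -eq $live) { $status = 'matches a WinSxS copy'; break }
    }
    return New-Object PSObject -Property @{ File = $Path; Md5 = $live; Status = $status }
}

# The same eight files FRST reported as "MD5 is legit" in the log above.
$Targets = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

$Targets | ForEach-Object { Test-WinSxSMatch $_ } | Format-Table File, Md5, Status -AutoSize
```

A match only says the file was not replaced, not that the system is clean; for services.exe on this machine the log's own value, 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, is the result to expect.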



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 12:44 PM

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 24 November 2012 - 03:56 PM

OK, after running the Malwarebytes Anti-Rootkit it restarted the PC and won't start again, only in safe mode. In normal mode it logs in but doesn't allow explorer.exe to run, so the screen is blank. I ran the Malwarebytes Anti-Rootkit in safe mode, the fixdamage as well, and then ComboFix. ComboFix says there is a Rootkit.zero.access in the TCP/IP stack. After restarting nothing changes. I ran the test again and it is the same. The Windows restore points don't work. In the uninstall folder there is a file that cannot be recovered; it is corrupted. That is one of the malware files that Malwarebytes found but didn't remove after restart.

Any ideas?

Attached Files



#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 04:06 PM

Please run ComboFix in safe mode and post the log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 24 November 2012 - 04:21 PM

Here it is:

Attached Files



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 04:28 PM

It doesn't appear as though explorer.exe is infected, so it may just need to be started again.

Please reboot and boot into normal mode.

Press Ctrl + Alt + Del to bring up Task Manager.

Click on File > New task > type explorer.exe > press OK.

Your desktop should now load.


NEXT please run the following:


Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT



Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 24 November 2012 - 04:33 PM

Explorer doesn't start. I will run all that in safe mode.

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 04:36 PM

OK.

Let's search for explorer and make sure it's where it should be.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *explorer*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by CatByte, 24 November 2012 - 04:37 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 24 November 2012 - 04:42 PM

I managed to run explorer.exe in Task Manager / add task, browse... I had to run it as administrator, even though I'm logged in as admin. Going to run the other tools.

#13 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 24 November 2012 - 08:18 PM

I was unable to run the Junkware Removal Tool. It gives me an error. Even though I managed to run Explorer, I'm logged in in a funny mode, almost like safe mode; only a few programs and services run and I have no rights to access the desktop...

The ESET scan is in the attachment.

Attached Files



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:49 AM

Posted 24 November 2012 - 08:24 PM

This strange behaviour occurred after running MBAR?

Please try running the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.

See if that improves the behaviour.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Muki010

Muki010
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:49 PM

Posted 25 November 2012 - 09:31 AM

Hi, after the restart I had problems logging in; my user account disappeared. I have no access to it, even though all the files are there in c:/users/username.

I had to activate the administrator account through the command line (net user administrator /active:yes).
I logged in and ran the Junkware Removal Tool, Malwarebytes and ComboFix after that.
Log files are in the attachment.

Still I have no access to my account; trying to sort this out.
And the administrator account behaves strangely; it runs really slowly.

Attached Files





