

May be infected, please look at log files. Thanks


2 replies to this topic

#1 mega117832


Posted 27 February 2013 - 05:04 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16464
Run by Tony at 2:02:08 on 2013-02-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6012 [GMT -8:00]
.
AV: Kaspersky PURE 2.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 2.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 2.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\mmc.exe
C:\Windows\System32\msdtc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
uRun: [Spotify] "C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [Breakaway] "C:\Program Files (x86)\Breakaway\breakaway.exe" force
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\speedfan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
TCP: NameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{5CB8D2EB-0CAF-4C0C-BAA5-6B4A1A6547E9} : DHCPNameServer = 205.171.3.65 205.171.2.65
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-2-26 85048]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-2-26 66104]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);C:\Windows\System32\drivers\vaclcskd.sys [2009-12-5 66016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-26 1255736]
.
=============== Created Last 30 ================
.
2013-02-27 08:59:09    163056    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-02-27 08:48:26    388096    ----a-r-    C:\Users\Tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-27 08:48:26    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-02-27 08:24:09    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-27 08:24:09    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-27 07:44:59    --------    d-----w-    C:\Users\Tony\AppData\Local\ElevatedDiagnostics
2013-02-27 06:49:37    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-02-27 06:49:06    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-02-27 06:49:06    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-02-27 06:49:05    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-02-27 06:48:46    519000    ----a-w-    C:\Windows\System32\d3dx10_40.dll
2013-02-27 06:48:46    452440    ----a-w-    C:\Windows\SysWow64\d3dx10_40.dll
2013-02-27 06:48:46    2605920    ----a-w-    C:\Windows\System32\D3DCompiler_40.dll
2013-02-27 06:48:46    2036576    ----a-w-    C:\Windows\SysWow64\D3DCompiler_40.dll
2013-02-27 06:48:45    5631312    ----a-w-    C:\Windows\System32\D3DX9_40.dll
2013-02-27 06:48:45    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2013-02-27 04:36:51    --------    d-----w-    C:\Users\Tony\AppData\Local\Adobe
2013-02-27 04:27:22    81920    ----a-w-    C:\Windows\System32\E_IBCBFJA.DLL
2013-02-27 04:27:22    118784    ----a-w-    C:\Windows\System32\E_ILMFJA.DLL
2013-02-27 04:27:18    --------    d-----w-    C:\ProgramData\EPSON
2013-02-27 04:23:50    --------    d-----w-    C:\ProgramData\4shared Desktop
2013-02-27 02:23:06    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-27 02:23:04    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{218013CD-35AF-4AB9-90FD-0C41684EEA1F}\mpengine.dll
2013-02-27 02:20:57    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-02-27 02:20:57    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-02-27 02:20:56    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-02-27 02:20:56    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-02-27 02:20:56    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-02-27 02:20:56    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-02-27 02:20:56    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-02-27 02:17:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-02-27 02:16:54    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-02-27 02:16:54    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-02-27 02:14:48    67072    ----a-w-    C:\Windows\splwow64.exe
2013-02-27 02:14:48    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-02-27 02:02:25    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-02-27 02:02:25    --------    d-----w-    C:\Windows\System32\Wat
2013-02-27 01:55:13    --------    d-----w-    C:\Users\Tony\AppData\Local\WinZip
2013-02-27 01:52:59    83736    ----a-w-    C:\Windows\System32\xinput1_2.dll
2013-02-27 01:50:49    --------    d--h--w-    C:\Windows\msdownld.tmp
2013-02-27 01:50:49    --------    d-----w-    C:\Windows\SysWow64\directx
2013-02-27 01:48:41    --------    d-----w-    C:\Program Files (x86)\MSI Afterburner
2013-02-27 01:31:29    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-02-27 01:31:29    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-02-27 01:31:29    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-02-27 01:31:29    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-02-27 01:31:29    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-02-27 01:31:29    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-02-27 01:30:33    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-02-27 01:30:33    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-02-27 01:30:33    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-02-27 01:30:33    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-02-27 01:30:33    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-02-27 01:26:59    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-02-27 01:26:59    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-02-27 01:26:59    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-02-27 01:22:22    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Postbox
2013-02-27 01:22:22    --------    d-----w-    C:\Users\Tony\AppData\Local\Postbox
2013-02-27 01:22:18    --------    d-----w-    C:\Program Files (x86)\Postbox
2013-02-27 01:21:28    1731920    ----a-w-    C:\Windows\System32\ntdll.dll
2013-02-27 01:21:28    1292080    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-02-27 01:21:20    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-02-27 01:21:19    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-02-27 01:21:19    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-02-27 01:21:19    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-02-27 01:21:19    1159680    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-02-27 01:21:19    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-02-27 01:20:24    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-02-27 01:20:24    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-02-27 01:20:18    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Origin
2013-02-27 01:20:17    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-02-27 01:20:11    --------    d-----w-    C:\Users\Tony\AppData\Local\Origin
2013-02-27 01:18:43    --------    d-----w-    C:\ProgramData\Origin
2013-02-27 01:18:42    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-02-27 01:18:30    --------    d-----w-    C:\Program Files (x86)\Origin
2013-02-27 01:07:21    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-02-27 01:07:21    --------    d-----w-    C:\Program Files\Realtek
2013-02-27 01:00:53    --------    d-----w-    C:\Users\Tony\AppData\Local\Spotify
2013-02-27 01:00:39    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Spotify
2013-02-27 00:48:42    --------    d-----w-    C:\Program Files (x86)\Breakaway
2013-02-27 00:46:28    --------    d-----w-    C:\Users\Tony\AppData\Local\Apple Computer
2013-02-27 00:46:19    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-02-27 00:46:11    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files\iTunes
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files\iPod
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-02-27 00:43:51    --------    d-----w-    C:\Users\Tony\AppData\Local\Apple
2013-02-27 00:43:28    --------    d-----w-    C:\Program Files\Bonjour
2013-02-27 00:43:28    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-02-27 00:32:44    --------    d-----r-    C:\Backup
2013-02-27 00:29:29    --------    d-----w-    C:\NVIDIA
2013-02-27 00:28:20    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-02-27 00:28:20    6393120    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-02-27 00:28:20    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-02-27 00:28:20    3472672    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-02-27 00:28:20    3035306    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-02-27 00:28:20    2557800    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-02-27 00:28:20    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-02-27 00:24:03    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-02-27 00:24:03    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-02-27 00:24:03    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-02-27 00:23:03    --------    d-----w-    C:\Users\Tony\AppData\Local\Google
.
==================== Find3M  ====================
.
2013-02-10 03:25:27    963776    ----a-w-    C:\Windows\SysWow64\nvumdshim.dll
2013-01-17 09:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-13 21:50:38    6112864    ----a-w-    C:\Windows\System32\usbaaplrc.dll
2012-12-13 21:50:36    54784    ----a-w-    C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH:  2:02:27.57 ===============
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:06 AM, on 2/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
 
Running processes:
C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
O4 - HKLM\..\Run: [Breakaway] "C:\Program Files (x86)\Breakaway\breakaway.exe" force
O4 - HKCU\..\Run: [Spotify] "C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: speedfan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 6581 bytes
 



#2 mega117832


Posted 27 February 2013 - 05:10 AM

I think there is a remote server connected to my computer.

 

 

uRun: [Spotify] "C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
mRun: [Breakaway] "C:\Program Files (x86)\Breakaway\breakaway.exe" force
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\speedfan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
TCP: NameServer = 205.171.3.65 205.171.2.65
TCP: Interfaces\{5CB8D2EB-0CAF-4C0C-BAA5-6B4A1A6547E9} : DHCPNameServer = 205.171.3.65 205.171.2.65
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-2-26 85048]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-2-26 66104]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R3 EuMusDesignVirtualAudioCableWdm_lcs;Breakaway Pipeline (WDM);C:\Windows\System32\drivers\vaclcskd.sys [2009-12-5 66016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-26 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-26 1255736]
.
=============== Created Last 30 ================
.
2013-02-27 08:59:09    163056    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-02-27 08:48:26    388096    ----a-r-    C:\Users\Tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-27 08:48:26    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-02-27 08:24:09    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-27 08:24:09    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-27 07:44:59    --------    d-----w-    C:\Users\Tony\AppData\Local\ElevatedDiagnostics
2013-02-27 06:49:37    --------    d--h--w-    C:\Program Files (x86)\Common Files\EAInstaller
2013-02-27 06:49:06    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-02-27 06:49:06    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-02-27 06:49:05    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-02-27 06:48:46    519000    ----a-w-    C:\Windows\System32\d3dx10_40.dll
2013-02-27 06:48:46    452440    ----a-w-    C:\Windows\SysWow64\d3dx10_40.dll
2013-02-27 06:48:46    2605920    ----a-w-    C:\Windows\System32\D3DCompiler_40.dll
2013-02-27 06:48:46    2036576    ----a-w-    C:\Windows\SysWow64\D3DCompiler_40.dll
2013-02-27 06:48:45    5631312    ----a-w-    C:\Windows\System32\D3DX9_40.dll
2013-02-27 06:48:45    4379984    ----a-w-    C:\Windows\SysWow64\D3DX9_40.dll
2013-02-27 04:36:51    --------    d-----w-    C:\Users\Tony\AppData\Local\Adobe
2013-02-27 04:27:22    81920    ----a-w-    C:\Windows\System32\E_IBCBFJA.DLL
2013-02-27 04:27:22    118784    ----a-w-    C:\Windows\System32\E_ILMFJA.DLL
2013-02-27 04:27:18    --------    d-----w-    C:\ProgramData\EPSON
2013-02-27 04:23:50    --------    d-----w-    C:\ProgramData\4shared Desktop
2013-02-27 02:23:06    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-27 02:23:04    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{218013CD-35AF-4AB9-90FD-0C41684EEA1F}\mpengine.dll
2013-02-27 02:20:57    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-02-27 02:20:57    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-02-27 02:20:56    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-02-27 02:20:56    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-02-27 02:20:56    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-02-27 02:20:56    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-02-27 02:20:56    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-02-27 02:17:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-02-27 02:16:54    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-02-27 02:16:54    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-02-27 02:14:48    67072    ----a-w-    C:\Windows\splwow64.exe
2013-02-27 02:14:48    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-02-27 02:02:25    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-02-27 02:02:25    --------    d-----w-    C:\Windows\System32\Wat
2013-02-27 01:55:13    --------    d-----w-    C:\Users\Tony\AppData\Local\WinZip
2013-02-27 01:52:59    83736    ----a-w-    C:\Windows\System32\xinput1_2.dll
2013-02-27 01:50:49    --------    d--h--w-    C:\Windows\msdownld.tmp
2013-02-27 01:50:49    --------    d-----w-    C:\Windows\SysWow64\directx
2013-02-27 01:48:41    --------    d-----w-    C:\Program Files (x86)\MSI Afterburner
2013-02-27 01:31:29    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-02-27 01:31:29    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-02-27 01:31:29    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-02-27 01:31:29    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-02-27 01:31:29    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-02-27 01:31:29    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-02-27 01:30:33    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-02-27 01:30:33    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-02-27 01:30:33    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-02-27 01:30:33    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-02-27 01:30:33    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-02-27 01:26:59    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-02-27 01:26:59    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-02-27 01:26:59    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-02-27 01:22:22    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Postbox
2013-02-27 01:22:22    --------    d-----w-    C:\Users\Tony\AppData\Local\Postbox
2013-02-27 01:22:18    --------    d-----w-    C:\Program Files (x86)\Postbox
2013-02-27 01:21:28    1731920    ----a-w-    C:\Windows\System32\ntdll.dll
2013-02-27 01:21:28    1292080    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-02-27 01:21:20    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-02-27 01:21:19    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-02-27 01:21:19    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-02-27 01:21:19    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-02-27 01:21:19    1159680    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-02-27 01:21:19    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-02-27 01:20:24    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-02-27 01:20:24    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-02-27 01:20:18    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Origin
2013-02-27 01:20:17    --------    d-----w-    C:\Program Files (x86)\Origin Games
2013-02-27 01:20:11    --------    d-----w-    C:\Users\Tony\AppData\Local\Origin
2013-02-27 01:18:43    --------    d-----w-    C:\ProgramData\Origin
2013-02-27 01:18:42    --------    d-----w-    C:\ProgramData\Electronic Arts
2013-02-27 01:18:30    --------    d-----w-    C:\Program Files (x86)\Origin
2013-02-27 01:07:21    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-02-27 01:07:21    --------    d-----w-    C:\Program Files\Realtek
2013-02-27 01:00:53    --------    d-----w-    C:\Users\Tony\AppData\Local\Spotify
2013-02-27 01:00:39    --------    d-----w-    C:\Users\Tony\AppData\Roaming\Spotify
2013-02-27 00:48:42    --------    d-----w-    C:\Program Files (x86)\Breakaway
2013-02-27 00:46:28    --------    d-----w-    C:\Users\Tony\AppData\Local\Apple Computer
2013-02-27 00:46:19    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-02-27 00:46:11    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files\iTunes
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files\iPod
2013-02-27 00:46:11    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-02-27 00:43:51    --------    d-----w-    C:\Users\Tony\AppData\Local\Apple
2013-02-27 00:43:28    --------    d-----w-    C:\Program Files\Bonjour
2013-02-27 00:43:28    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-02-27 00:32:44    --------    d-----r-    C:\Backup
2013-02-27 00:29:29    --------    d-----w-    C:\NVIDIA
2013-02-27 00:28:20    877856    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-02-27 00:28:20    6393120    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-02-27 00:28:20    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-02-27 00:28:20    3472672    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-02-27 00:28:20    3035306    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-02-27 00:28:20    2557800    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-02-27 00:28:20    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-02-27 00:24:03    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-02-27 00:24:03    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-02-27 00:24:03    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-02-27 00:23:03    --------    d-----w-    C:\Users\Tony\AppData\Local\Google
.
==================== Find3M  ====================
.
2013-02-10 03:25:27    963776    ----a-w-    C:\Windows\SysWow64\nvumdshim.dll
2013-01-17 09:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-13 21:50:38    6112864    ----a-w-    C:\Windows\System32\usbaaplrc.dll
2012-12-13 21:50:36    54784    ----a-w-    C:\Windows\System32\drivers\usbaapl64.sys
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH:  2:02:27.57 ===============
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:06 AM, on 2/27/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
 
Running processes:
C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Program Files (x86)\Breakaway\breakaway.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
O4 - HKLM\..\Run: [Breakaway] "C:\Program Files (x86)\Breakaway\breakaway.exe" force
O4 - HKCU\..\Run: [Spotify] "C:\Users\Tony\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: speedfan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 6581 bytes
 
 
 


#3 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  • Gender:Male
  • Location:Krypton
  • Local time:06:01 AM

Posted 01 March 2013 - 06:01 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

 

I think there is a remote server connected to my computer

What makes you say this? Have you seen some unusual things happening on your computer?

 

=====

 

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

 

=====

 

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.


Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

 

=====

 

In your reply I would like to see the contents of the following please:

  • ComboFix.txt.

  • Both MBAR logs.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.






