Hit with UKash virus and removed it, but still problems!!


4 replies to this topic

#1 eriefairy

eriefairy

  • Members
  • 3 posts
  • OFFLINE

Posted 03 March 2013 - 05:57 PM

Hello,

 

I am new to this forum so please forgive me if I miss something or do not give all the right information. I do not speak "techese" so a lot of these posts are Greek to me, and I have been searching on here for hours to find a solution to my problem.

 

Last night my laptop was hit with the Ukash virus. I fortunately have an old laptop and was able to look up a solution. I unlocked my computer and restored it to a previous date. Then I installed Malwarebytes, CCleaner, ran AVG scan, and Hijack This. Found malware and threats and removed them. I can logon and access program files but any internet application runs really really slowly. I know the internet connection is ok based on how it's working on my old laptop.

 

I do not want to have to restore my computer to the Factory Default Settings. Anyone have suggestions??

 

Thank you so much!!

 

My specs are:

 

Windows 7, Processor: U4100 @1.30 GHz, RAM: 3.00 GB, and 64-bit OS




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India

Posted 03 March 2013 - 05:59 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 eriefairy

eriefairy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 03 March 2013 - 07:29 PM

Ok, unfortunately I was not able to run the ESET online virus scanner.  Internet applications on my infected laptop are barely working, and after waiting fifteen minutes for the page to load (which it still hadn't) and trying the same thing in safe mode I gave up.  I have been putting files on an external hard drive and transferring them to my infected laptop (such as malware programs and the ones above) as that is the only way I can get anywhere. Unfortunately all internet applications are very slow and almost non-functional on that laptop.

 

Here is the TDSSKiller log:

 

18:34:15.0736 4624  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:34:16.0189 4624  ============================================================
18:34:16.0189 4624  Current date / time: 2013/03/03 18:34:16.0189
18:34:16.0189 4624  SystemInfo:
18:34:16.0189 4624 
18:34:16.0189 4624  OS Version: 6.1.7601 ServicePack: 1.0
18:34:16.0189 4624  Product type: Workstation
18:34:16.0189 4624  ComputerName: ERIEFAIRY
18:34:16.0189 4624  UserName: Chris
18:34:16.0189 4624  Windows directory: C:\Windows
18:34:16.0189 4624  System windows directory: C:\Windows
18:34:16.0189 4624  Running under WOW64
18:34:16.0189 4624  Processor architecture: Intel x64
18:34:16.0189 4624  Number of processors: 2
18:34:16.0189 4624  Page size: 0x1000
18:34:16.0189 4624  Boot type: Normal boot
18:34:16.0189 4624  ============================================================
18:34:17.0156 4624  BG loaded
18:34:17.0624 4624  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:34:17.0624 4624  Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:34:17.0624 4624  ============================================================
18:34:17.0624 4624  \Device\Harddisk0\DR0:
18:34:17.0624 4624  MBR partitions:
18:34:17.0624 4624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
18:34:17.0624 4624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x23BFBAB0
18:34:17.0624 4624  \Device\Harddisk1\DR1:
18:34:17.0624 4624  MBR partitions:
18:34:17.0624 4624  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x8, BlocksNum 0x777FF8
18:34:17.0624 4624  ============================================================
18:34:17.0655 4624  C: <-> \Device\Harddisk0\DR0\Partition2
18:34:17.0655 4624  ============================================================
18:34:17.0655 4624  Initialize success
18:34:17.0655 4624  ============================================================
18:36:24.0288 5100  ============================================================
18:36:24.0288 5100  Scan started
18:36:24.0288 5100  Mode: Manual;
18:36:24.0288 5100  ============================================================
18:36:25.0240 5100  ================ Scan system memory ========================
18:36:25.0240 5100  System memory - ok
18:36:25.0240 5100  ================ Scan services =============================


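The TDSSKiller log posted above has a regular shape: a timestamped line per service carrying the file's MD5 and path, followed by a "Name - status" line, with some services (COMSysApp, esgiguard) reported with no hashed file at all, and the post itself cut off mid-entry. The following Python is an added example, not code from this thread, BleepingComputer or Kaspersky: it parses that "Scan services" section and lists the entries a responder would want to look at first (non-ok status, no file hashed, or an entry with no result line because the log was truncated), optionally checking hashes against an allow-list. SAMPLE_LOG is constructed; the service `fakesvc`, its all-zero hash and its "warning" status are placeholders, not values from the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Each TDSSKiller line is "HH:MM:SS.ffff PID  body". Section banners look like
# "================ Scan services ====...". Inside the services section a
# service is reported as "[ MD5 ] Name   Path" followed by "Name - status".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<body>.*)$")
SECTION_RE = re.compile(r"^=+\s*Scan\s+(?P<section>.+?)\s*=+$")
FILE_RE = re.compile(r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller hashed no file for the service
    path: Optional[str] = None
    status: Optional[str] = None   # None when the "Name - status" line never appeared


def parse_tdsskiller_log(text: str) -> List[ServiceEntry]:
    """Return the service entries of the 'Scan services' section, in log order."""
    entries: Dict[str, ServiceEntry] = {}
    order: List[str] = []
    section = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group("body").strip()
        sm = SECTION_RE.match(body)
        if sm:
            section = sm.group("section").lower()
            continue
        if section != "services":
            continue  # memory, boot sector and other sections use different formats
        fm = FILE_RE.match(body)
        if fm:
            name = fm.group("name")
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = ServiceEntry(name)
                order.append(name)
            entry.md5 = fm.group("md5").upper()
            entry.path = fm.group("path")
            continue
        st = STATUS_RE.match(body)
        if st:
            name = st.group("name")
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = ServiceEntry(name)  # status line with no file line
                order.append(name)
            entry.status = st.group("status")
    return [entries[n] for n in order]


def triage(entries: List[ServiceEntry],
           known_good: Optional[Set[str]] = None) -> List[Tuple[str, str]]:
    """Flag the entries a responder should look at, with the reason for each."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.status is None:
            findings.append((e.name, "no result line (log truncated or scan aborted?)"))
        elif e.status.lower() != "ok":
            findings.append((e.name, f"status: {e.status}"))
        elif e.md5 is None:
            findings.append((e.name, "service entry with no hashed file (image path not resolved)"))
        elif known_good is not None and e.md5 not in known_good:
            findings.append((e.name, f"hash {e.md5} not in the allow-list"))
    return findings


# Constructed sample: two entries copied from the log posted in this thread, the
# no-hashed-file cases COMSysApp/esgiguard, a placeholder "fakesvc" with an
# all-zero hash and a non-ok status, and a final entry cut off before its result.
SAMPLE_LOG = r"""
18:34:15.0736 4624  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:36:24.0288 5100  Scan started
18:36:25.0240 5100  ================ Scan system memory ========================
18:36:25.0240 5100  System memory - ok
18:36:25.0240 5100  ================ Scan services =============================
18:36:25.0568 5100  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:36:25.0568 5100  ACPI - ok
18:36:26.0660 5100  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:36:26.0675 5100  Apple Mobile Device - ok
18:36:28.0799 5100  COMSysApp - ok
18:36:30.0374 5100  esgiguard - ok
18:36:31.0000 5100  [ 00000000000000000000000000000000 ] fakesvc         C:\Windows\system32\drivers\fakesvc.sys
18:36:31.0000 5100  fakesvc - warning
18:36:31.0778 5100  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} service entries parsed")
    for svc, reason in triage(parsed):
        print(f"  {svc}: {reason}")
```

Pass a set of MD5s you trust (for example, hashes from a clean build of the same Windows version) as `known_good` to also surface entries whose file hash is unexpected.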

#4 eriefairy

eriefairy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE

Posted 03 March 2013 - 07:36 PM




#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India

Posted 03 March 2013 - 07:46 PM

Please post the last few lines of the TDSSKiller log alone. Ignore aswMBR and ESET temporarily.

 


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.





