Unsigned Files detected by TDSS Killer


27 replies to this topic

#1 Regvard

Regvard

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 07 December 2013 - 08:20 PM

Hey guys,

 

My system seems to be running normally. I have Kaspersky Anti-Virus running, do semi-regular scans with Spybot and ESET Online Scanner, and have Comodo Firewall installed with custom rules. Anyway, today I decided to do a Kaspersky TDSS scan with all the parameters checked. It has found lots of unsigned files.

 

Services like:

 

AJQVF

TCAIXIMCNL

TLZ

FUNFRM

FUSSVC

GIVEIO

IDRIVERT

SECDRV

Te.Service

USBAAPL

vsbus

vserial

 

Should I be worried? Am I infected?


Edited by Regvard, 07 December 2013 - 08:20 PM.
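Added example for the question above (written for this page; it is not code from the thread, from the poster, or from Kaspersky's tool). "Unsigned" on its own says little: USBAAPL is the name of Apple's mobile-device USB driver and SECDRV is the SafeDisc copy-protection driver that Windows 7 ships, while names such as AJQVF and TCAIXIMCNL match no vendor naming pattern at all. What a helper needs next is where each service's file actually lives, whether it carries a valid Authenticode signature, and a hash that can be compared with a clean copy. The script assumes an elevated PowerShell on the affected Windows 7 machine (it stays PowerShell 2 compatible, hence the manual SHA-256) and simply takes the service names from the post.

```powershell
# Added example, not from the thread: triage the service names TDSSKiller reported.
# For each name, resolve the file the service loads, then record start type,
# Authenticode status, signer and SHA-256 so the file can be compared to a clean copy.
# Assumptions: elevated PowerShell on the affected Windows 7 box (PowerShell 2
# compatible, hence the manual SHA-256); the names are the ones listed in the post.
$names = 'AJQVF','TCAIXIMCNL','TLZ','FUNFRM','FUSSVC','GIVEIO',
         'IDRIVERT','SECDRV','Te.Service','USBAAPL','vsbus','vserial'

# Registry Start / Type values for keys under HKLM\SYSTEM\CurrentControlSet\Services.
$startNames = @{ 0='Boot'; 1='System'; 2='Auto'; 3='Demand'; 4='Disabled' }
$typeNames  = @{ 1='KernelDriver'; 2='FileSystemDriver'; 16='OwnProcess'; 32='SharedProcess' }

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    # ImagePath takes several shapes: \??\C:\x.sys, \SystemRoot\system32\x.sys,
    # system32\DRIVERS\x.sys, "%ProgramFiles%\App\x.exe" -args. Normalise to one file path.
    $p = $ImagePath.Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if     ($p -match '^"([^"]+)"')                  { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(sys|exe|dll))(\s|$)') { $p = $Matches[1] }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-FileSha256 {
    param([string]$Path)
    # Get-FileHash only arrived in PowerShell 4, so hash through .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [IO.File]::OpenRead($Path)
    try     { return ([BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '') }
    finally { $fs.Close() }
}

$report = foreach ($n in $names) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$n"
    $row = New-Object PSObject -Property @{ Service=$n; Start=$null; Type=$null; Path=$null;
                                            Signature=$null; Signer=$null; SHA256=$null }
    if (-not (Test-Path $key)) { $row.Signature = 'no service key'; $row; continue }
    $svc = Get-ItemProperty $key
    if ($svc.Start -ne $null) { $row.Start = $startNames[[int]$svc.Start] }
    if ($svc.Type  -ne $null) {
        $row.Type = $typeNames[[int]$svc.Type]
        if (-not $row.Type) { $row.Type = $svc.Type }   # keep raw value for flag combinations
    }
    if (-not $svc.ImagePath) { $row.Signature = 'no ImagePath'; $row; continue }
    $row.Path = Resolve-ServiceImagePath $svc.ImagePath
    if (-not (Test-Path $row.Path)) { $row.Signature = 'file missing'; $row; continue }
    $sig = Get-AuthenticodeSignature -FilePath $row.Path
    $row.Signature = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
    $row.SHA256 = Get-FileSha256 $row.Path
    $row
}

$report | Sort-Object Signature | Format-Table Service, Start, Type, Signature, Signer -AutoSize
$report | Select-Object Service, Path, SHA256 | Format-List
```

Two caveats when reading the output. Older PowerShell versions only look at the signature embedded in the file, so catalog-signed Windows components come back as NotSigned; that is the same distinction that makes an "unsigned files" list from a rootkit scanner a mix of benign and interesting entries rather than a verdict. The entries worth chasing first are the ones whose name matches no installed product, whose file sits somewhere other than \Windows\System32\drivers or a Program Files directory, whose Start is Boot, System or Auto, and whose SHA-256 does not match a copy from a clean install or the vendor's package.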




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:27 PM

Posted 07 December 2013 - 08:35 PM

Welcome aboard

 

At least a couple of them look suspicious:

AJQVF

TCAIXIMCNL

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:27 AM

Posted 07 December 2013 - 08:58 PM

Security Check

 

Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 HostsMan 4.0.87 Beta8   
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed!
 CCleaner     
 Java 7 Update 25  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version out of Date!
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Mozilla Thunderbird (24.1.1)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
 Kaspersky Lab Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

 

PS: I have turned the security center and update service etc. off myself.

 

Farbar

 

Farbar Service Scanner Version: 05-12-2013
Ran by orhang2 (administrator) on 08-12-2013 at 03:46:12
Running from "C:\Users\orhang2\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

Minitoolbox

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by orhang2 (administrator) on 08-12-2013 at 03:50:36
Running from "C:\Users\orhang2\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "72.64.146.136"
"network.proxy.ftp_port", 3128
"network.proxy.http", "72.64.146.136"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "72.64.146.136"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "72.64.146.136"
"network.proxy.ssl_port", 3128
"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 fr.a2dfp.net m.fr.a2dfp.net ad.a8.net asy.a8ww.net abcstats.com a.abv.bg adserver.abv.bg adv.abv.bg bimg.abv.bg
127.0.0.1 ca.abv.bg www2.a-counter.kiev.ua track.acclaimnetwork.com accuserveadsystem.com www.accuserveadsystem.com achmedia.com aconti.net secure.aconti.net www.aconti.net
127.0.0.1 csh.actiondesk.com www.activemeter.com ads.activepower.net stat.active24stats.nl cms.ad2click.nl ad2games.com ads.ad2games.com content.ad20.net core.ad20.net
127.0.0.1 banner.ad.nu cl21.v4.adaction.se adadvisor.net tag1.adaptiveads.com www.adbanner.ro wad.adbasket.net ad.pop1.adbn.ru ad.top1.adbn.ru ad.rich1.adbn.ru
127.0.0.1 james.adbutler.de www.adbutler.de www.adchimp.com show.adclick.lv www.adclick.lv ad-clix.com www.ad-clix.com servedby.adcombination.com adcomplete.com
127.0.0.1 www.adcomplete.com static.uk.addynamo.com www.adeos.eu pt.server1.adexit.com www.adexit.com cdn2.adexprt.com 222-33544_999.pub.adfirmative.com c.adfirmative.com premium.adfirmative.com
127.0.0.1 www.adfirmative.com track.adform.net ads.adfox.ru gazeta.adfox.ru media.adfrontiers.com astw.adgear.com dstw.adgear.com www.adgitize.com www.ad-groups.com
127.0.0.1 adhall.com adhitzads.com ssl3.adhost.com www2.adhost.com mztag.ad-indicator.com adfarm1.adition.com imagesrv.adition.com ad.adition.net hosting.adjug.com
127.0.0.1 tracking.adjug.com aj.adjungle.com adsearch.adkontekst.pl www.adlantis.jp publicidad.adlead.com www.adlimg03.com regio.adlink.de west.adlink.de rc.de.adlink.net
127.0.0.1 tr.de.adlink.net adloyal.pl n.admagnet.net ad-maker.net ads3.adman.gr r2d2.adman.gr ad.admamba.com admarket.cz www.admarket.cz
127.0.0.1 admedien.com www.admedien.com js.admeld.com tag.admeld.com apps.admission.net appcache.admission.net view.admission.net www.ad.admitad.com ad.admixer.net
127.0.0.1 rms.admeta.com ads.admodus.com assets3.admulti.com go.admulti.com s.admulti.com ad.adnet.biz ad.adnetwork.com.br img.adnet.com.tr www.ad-net.co.uk
127.0.0.1 adnext.fr tt11.adobe.com ace.adoftheyear.com ad01.adonspot.com ad02.adonspot.com www.adoperator.com www.adperium.com img.adplan-ds.com e.adpower.bg
127.0.0.1 ab.adpro.com.ua system.adquick.nl www.adquest.nl ad.adrent.net pop.adrent.net adroll.com jsad1.adsflip.com www.adsurve.com www.ad-purge.com
127.0.0.1 cntr.adrime.com images.adrime.com ad.adriver.ru content.adriver.ru r.adrolays.de www.adrotate.net serv.ad-rotator.com delivery.ads-creativesyndicator.com adsbg.info
127.0.0.1 antevenio.flux.ads-click.com rh.adscale.de www.adsxchange.lv assets.adtaily.com fusion.adtoma.com engage2.advanstar.com ds.advg.jp m.adx.bg delivery.adyea.com
127.0.0.1 img.ads-click.com www.adshost2.com ad.ads.dk tdkads.ads.dk js.adscale.de ih.adscale.de adscendmedia.com adservicedomain.info adsfac.net
127.0.0.1 images.adshuffle.com this.content.served.by.adshuffle.com adsfac.eu ad.ad-srv.net www.adshot.de allchix.adsmax.com www2.adsmax.com www.adspace.be ads.adsponse.de
127.0.0.1 adserve.adster.com images.adster.com openx.adtext.ro ads.adtiger.de www.adtiger.de ad.adtoma.com dot.adtotal.pl rek.adtotal.pl www.adtrade.net

There are 10349 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Skynet (Connected)
Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Skynet" nexthop=192.168.1.1 metric=1 publish=Yes
set subinterface interface=?$ subinterface=wireless_0 mtu=1500


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Goktug-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : sabanciuniv.edu

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-22-FA-CA-24-75
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-24-2C-D8-0E-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Skynet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-22-FA-CA-24-74
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8daf:5911:85c5:c8d8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 08 December 2013 Sunday 02:57:23
   Lease Expires . . . . . . . . . . : 09 December 2013 Monday 02:57:24
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 218112762
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-A0-3B-52-00-23-5A-6D-0D-94
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
   Physical Address. . . . . . . . . : 00-23-5A-6D-0D-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0676FCB5-87A3-4217-8FDF-E6C5B1552C55}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {F178A9E5-3153-4EE8-9717-C5DB8F361EE6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [173.194.70.113] with 32 bytes of data:
Reply from 173.194.70.113: bytes=32 time=77ms TTL=47
General failure.

Ping statistics for 173.194.70.113:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 77ms, Average = 77ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=178ms TTL=51
General failure.

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 178ms, Maximum = 178ms, Average = 178ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
General failure.

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 18...00 22 fa ca 24 75 ......Microsoft Virtual WiFi Miniport Adapter
 13...00 24 2c d8 0e 9a ......Bluetooth Device (Personal Area Network)
 11...00 22 fa ca 24 74 ......Intel® WiFi Link 5100 AGN
 10...00 23 5a 6d 0d 94 ......Broadcom NetLink ™ Fast Ethernet
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     26
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::8daf:5911:85c5:c8d8/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2013 00:29:01 AM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Exception code: 0xc0000005
Fault offset: 0x002aafac
Faulting process id: 0xd8c
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3

Error: (12/07/2013 11:16:20 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/07/2013 11:16:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/07/2013 06:57:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xd8082444
Faulting process id: 0x2ac
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3

Error: (12/06/2013 09:14:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/06/2013 09:14:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/06/2013 04:56:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4e4f4c45
Faulting process id: 0xc14
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3

Error: (12/06/2013 03:26:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0002c3eb
Faulting process id: 0x71c
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3

Error: (12/06/2013 01:27:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Exception code: 0xc0000005
Fault offset: 0x002aafc9
Faulting process id: 0x118
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3

Error: (12/06/2013 01:06:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: Morrowind.exe, version: 1.6.0.1820, time stamp: 0x3ef35891
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x0002c3eb
Faulting process id: 0xb28
Faulting application start time: 0xMorrowind.exe0
Faulting application path: Morrowind.exe1
Faulting module path: Morrowind.exe2
Report Id: Morrowind.exe3


System errors:
=============
Error: (12/08/2013 03:00:15 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (12/08/2013 02:59:54 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (12/08/2013 02:57:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

Error: (12/08/2013 02:57:20 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80070422

Error: (12/08/2013 02:57:08 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (12/08/2013 02:56:57 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (12/08/2013 02:56:57 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (12/08/2013 02:44:56 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058

Error: (12/08/2013 02:41:06 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.

Error: (12/08/2013 02:41:06 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80070422


Microsoft Office Sessions:
=========================
Error: (12/08/2013 00:29:01 AM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891Morrowind.exe1.6.0.18203ef35891c0000005002aafacd8c01cef3990d0e30e6D:\Games\Bethesda Softworks\Morrowind\Morrowind.exeD:\Games\Bethesda Softworks\Morrowind\Morrowind.exef8608051-5f8e-11e3-a902-00235a6d0d94

Error: (12/07/2013 11:16:20 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe

Error: (12/07/2013 11:16:19 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (12/07/2013 06:57:05 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891unknown0.0.0.000000000c0000005d80824442ac01cef36b9f9f3fabD:\Games\Bethesda Softworks\Morrowind\Morrowind.exeunknown99610c29-5f60-11e3-a902-00235a6d0d94

Error: (12/06/2013 09:14:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\ia64\msvsmon.exe

Error: (12/06/2013 09:14:17 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe

Error: (12/06/2013 04:56:15 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891unknown0.0.0.000000000c00000054e4f4c45c1401cef28f2f2ba11dD:\Games\Bethesda Softworks\Morrowind\Morrowind.exeunknown8dcf3eb8-5e86-11e3-a902-00235a6d0d94

Error: (12/06/2013 03:26:18 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891ntdll.dll6.1.7601.177254ec49b60c00000050002c3eb71c01cef28405c4a59eD:\Games\Bethesda Softworks\Morrowind\Morrowind.exeC:\Windows\SYSTEM32\ntdll.dllfc68a7b8-5e79-11e3-a902-00235a6d0d94

Error: (12/06/2013 01:27:31 PM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891Morrowind.exe1.6.0.18203ef35891c0000005002aafc911801cef27515f7c14bD:\Games\Bethesda Softworks\Morrowind\Morrowind.exeD:\Games\Bethesda Softworks\Morrowind\Morrowind.exe64caa8c4-5e69-11e3-a902-00235a6d0d94

Error: (12/06/2013 01:06:00 AM) (Source: Application Error)(User: )
Description: Morrowind.exe1.6.0.18203ef35891ntdll.dll6.1.7601.177254ec49b60c00000050002c3ebb2801cef20b3fa9cc1fD:\Games\Bethesda Softworks\Morrowind\Morrowind.exeC:\Windows\SYSTEM32\ntdll.dllce36fc4a-5e01-11e3-a902-00235a6d0d94


=========================== Installed Programs ============================

 Tools for .Net 3.5 (Version: 3.11.50727)
ABBYY FineReader 9.0 Professional Edition (Version: 9.00.724.5507)
Accelrys License Pack (Version: 7.6.7)
AdFender (Version: 1.60)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
alien_crossfire
alpha_centauri
Auslogics Duplicate File Finder (Version: 2.5)
BannerRunner (Version: 3.0.2.2)
Betrayal Pack
Blend for Visual Studio 2012 (Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0)
BOSS (Version: 2.1.1)
CCleaner (Version: 3.27)
COMODO Internet Security (Version: 5.12.59641.2599)
Company of Heroes - FAKEMSI (Version: 2.0.0.0)
Company of Heroes (Version: 2.602.0)
dBpoweramp Music Converter (Version: Release 14.2)
dBpoweramp Windows Media Audio 10 Codec (Version: Release 7)
Defraggler (Version: 2.12)
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298)
Eastern Front (Version: 2.1.0.1)
EasyCapture
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.20702.00)
ESET Online Scanner v3
f.lux
Fallout Mod Manager 0.13.21
Fallout New Vegas
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
Folder Size 2.9.0.0 (Version: 2.9.0.0)
foobar2000 v1.2.9 (Version: 1.2.9)
Fraps
Google Update Helper (Version: 1.3.21.135)
HostsMan 4.0.87 Beta8 (Version: 4.0.87 Beta8)
IBM ILOG OPL 6.3
Icewind Dale II
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x86
IWD 2 DDRAW FIX
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JMicron Flash Media Controller Driver (Version: 1.0.31.3)
Kaspersky Anti-Virus 6.0 for Windows Workstations (Version: 6.0.4.1424)
K-Lite Mega Codec Pack 8.9.2 (Version: 8.9.2)
LocalESPC (Version: 8.59.25584)
LocalESPCui for en-us (Version: 8.59.25584)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Compatibility Toolkit 5.6 (Version: 5.6.7324.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools (Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime (Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime (Version: 2.0.20710.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft LightSwitch for Visual Studio 2012 Core (Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (Version: 11.0.50727)
Microsoft NuGet - Visual Studio 2012 (Version: 2.0.30625.9003)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (Version: 11.0.50709.17929)
Microsoft Report Viewer Add-On for Visual Studio 2012 (Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (Version: 5.0.61118.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET) (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (Version: 11.0.2100.60)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (Version: 2.0.3010.0)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Compilers - ENU Resources (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31125)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31130)
Microsoft Visual Studio 2012 Devenv (Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core x86 (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Front End x86 (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Premium 2012 - ENU (Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 - ENU (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 - ENU (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (Version: 11.0.50727.1)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
Microsoft Web Developer Tools - Visual Studio 2012 (Version: 1.0.30710.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Morrowind
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Thunderbird 24.1.1 (x86 en-GB) (Version: 24.1.1)
MPC-HC 1.7.0 (Version: 1.7.0.7858)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multi-Targeting Pack for the Microsoft .NET Framework 4.0.2 (KB2544526) (Version: 4.0.506)
Multi-Targeting Pack for the Microsoft .NET Framework 4.0.2 (Version: 4.0.506)
New Vegas Configator version 1.6 (Version: 1.6)
Norton Internet Security (Version: 17.5.0.127)
NVIDIA Control Panel 310.70 (Version: 310.70)
NVIDIA Graphics Driver 310.70 (Version: 310.70)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.95.599)
OpenAL
PDF Settings CS5 (Version: 10.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1)
Prerequisites for SSDT  (Version: 11.0.2100.60)
PVSonyDll (Version: 1.00.0001)
qBittorrent 3.1.2 (Version: 3.1.2)
Recuva (Version: 1.44)
Reus (Version: 2.0.0.10)
Rosetta Stone Version 3 (Version: 3.4.5.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
SES Driver (Version: 1.0.0)
Shadowrun Returns
Sid Meier's Alpha Centauri (Version: 2.0.0.19)
Sid Meier's Civilization 5
SolidWorks 2011 SP0 (Version: 19.100.5019)
SolidWorks 2011 Turkish Resources (Version: 19.100.5019)
SolidWorks eDrawings 2011 SP0 (Version: 11.0.720)
SolidWorks Explorer 2011 SP0 (Version: 19.00.5019)
Speccy (Version: 1.20)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 5.0 (Version: 5.0.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
TES Construction Set
Thief Gold
Ultima Online 2D Client (Version: 5.0.9)
Update for  (KB2504637) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Vampires - The Masquerade Bloodlines (Version: 1.0)
VirtualCloneDrive
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.8514.0)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
Web Deployment Tool (Version: 1.1.0618)
WinDjView 2.0.2 (Version: 2.0.2)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x86 (Version: 8.59.25584)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Runtime Intellisense Content - en-us (Version: 8.59.25584)
Windows Software Development Kit (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584)
Winrar 3.93
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652) (Version: 9.0.1)

========================= Devices: ================================

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3066.57 MB
Available physical RAM: 1579.56 MB
Total Pagefile: 6131.42 MB
Available Pagefile: 4600.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.57 GB) (Free:35.68 GB) NTFS
2 Drive d: () (Fixed) (Total:223.52 GB) (Free:24.18 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            Guest                    orhang2                  


**** End of log ****
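
The MiniToolBox log above shows the installed software (SpeedFan, VirtualCloneDrive, PeerBlock and so on), and the Malwarebytes Anti-Rootkit log further down lists the kernel drivers loaded at scan time, among them giveio.sys, speedfan.sys, SECDRV.SYS and funfrm.SYS, which match several of the service names the thread is about. For each of those the useful questions are not just "is it unsigned" but "which file does the service actually load, who signed it if anyone, and what is its hash". The PowerShell script below is an added example written for this page; it is not code posted in the thread and not a tool from Malwarebytes or Kaspersky. For each service name it resolves the driver's ImagePath from HKLM\SYSTEM\CurrentControlSet\Services, checks the Authenticode signature with Get-AuthenticodeSignature, and prints a SHA-256 hash that can be looked up in a reputation service. The names in $ServiceNames are sample input chosen from drivers visible in the logs; the Resolve-ServiceImagePath helper and its path-normalisation rules are assumptions of this example, not anything the thread specifies. It needs PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt.

```powershell
# Added example for this page (not from the thread, Malwarebytes or Kaspersky):
# for each Windows service name, find the driver image it points to, check its
# Authenticode signature and compute a SHA-256 hash for reputation lookup.
# Requires PowerShell 4.0+ (Get-FileHash); run from an elevated prompt.

# Sample input (assumption): service names matching drivers seen in the logs.
$ServiceNames = @('giveio', 'speedfan', 'secdrv', 'funfrm')

function Resolve-ServiceImagePath {
    # Turn a service's ImagePath registry value into a Win32 path.
    # Driver ImagePaths come in several shapes, for example:
    #   \SystemRoot\system32\giveio.sys
    #   system32\DRIVERS\klif.sys
    #   \??\C:\Windows\system32\drivers\SECDRV.SYS
    param([Parameter(Mandatory = $true)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -Path $key)) { return $null }
    $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
    if ([string]::IsNullOrWhiteSpace($raw)) { return $null }

    $p = $raw.Trim().Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                              # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"        # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"   # relative system32\...
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-DriverSignatureReport {
    param([Parameter(Mandatory = $true)][string[]]$Services)

    foreach ($name in $Services) {
        $path = Resolve-ServiceImagePath -Name $name
        $row = [ordered]@{ Service = $name; Path = $path; Status = ''; Signer = ''; SHA256 = '' }

        if (-not $path) {
            $row.Path = '<no such service>'
        }
        elseif (-not (Test-Path -LiteralPath $path)) {
            # A service whose image is gone deserves a second look: either an
            # uninstaller left the key behind, or something removed the file.
            $row.Status = 'FILE MISSING'
        }
        else {
            $sig = Get-AuthenticodeSignature -FilePath $path
            $row.Status = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            $row.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
        [pscustomobject]$row
    }
}

Get-DriverSignatureReport -Services $ServiceNames | Format-Table -AutoSize
```

Read the output with one caveat in mind: the system in this thread is 32-bit Windows 7, which does not enforce kernel-mode code signing, so NotSigned on an old hardware-utility driver is expected rather than alarming. What should drive the decision is the resolved path (a driver living outside the Windows directory, or a service whose file no longer exists), the signer, and whether the SHA-256 hash is known to a reputation service.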
 



#4 Regvard (Topic Starter)

Posted 07 December 2013 - 09:11 PM

MBAM

 

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.12.07.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
orhang2 :: GOKTUG-PC [administrator]

Protection: Disabled

08.12.2013 04:04:26
mbam-log-2013-12-08 (04-04-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243919
Time elapsed: 7 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#5 Regvard (Topic Starter)

Posted 07 December 2013 - 09:31 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.07.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
orhang2 :: GOKTUG-PC [administrator]

08.12.2013 04:16:13
mbar-log-2013-12-08 (04-16-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 247100
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 3215527936, free: 1536389120

Downloaded database version: v2013.12.07.08
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     12/08/2013 04:16:07
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\83860108.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\giveio.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\funfrm.SYS
\SystemRoot\System32\Drivers\ks.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\NETw5s32.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\b57nd60x.sys
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\VSTAZL3.SYS
\SystemRoot\system32\DRIVERS\VSTDPV3.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\btusbflt.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\DRIVERS\bthprint.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\SECDRV.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\PeerBlock\pbfilter.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\psapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\gdi32.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff869ae030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff868d5908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff869ae030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff869ad280, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff869ae030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff868d5908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 8E0EEE9E

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 468746240

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Extended with LBA (0xf)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 468760635  Numsec = 156376710

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished



#6 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 07 December 2013 - 09:37 PM

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/08/2013 04:32:32 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Manual

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Manual

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

 * C:\Windows\System32\user32.dll : 811.520 : 12/18/2011 05:11 PM : 7bd7f45ff37fa0669cd32ca0ef46e22c [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll : 811.520 : 07/14/2009 03:16 AM : 34b7e222e81fafa885f0c5f2cfa56861 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll : 811.520 : 11/20/2010 02:21 PM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:


  20 out of 10370 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 12/08/2013 04:35:25 AM
Execution time: 0 hours(s), 2 minute(s), and 53 seconds(s)

 

 

Note: Those Windows services like the firewall, UAC, updater, etc. were disabled by me.

 

Is it me or was my Firefox hijacked?

 

Anyway, thanks in advance for the help.



#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:27 PM

Posted 07 December 2013 - 09:40 PM

Note: Those Windows services like the firewall, UAC, updater, etc. were disabled by me.

 

I've noticed and I'd like to know why.

 

What's wrong with your Firefox?

 

Can you post that TDSSKiller log you talked about?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 07 December 2013 - 09:45 PM

I wanted to reduce the number of automatic services running since I am already running another firewall and anti-virus. Not a good idea?

 

I haven't noticed anything wrong with my FF but the log I posted above says:

 

 

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", 0
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", 0
"network.proxy.ftp", "72.64.146.136"
"network.proxy.ftp_port", 3128
"network.proxy.http", "72.64.146.136"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "72.64.146.136"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "72.64.146.136"
"network.proxy.ssl_port", 3128
"network.proxy.type", 0

 

I do not use a proxy, not sure what that IP up there is. Is that supposed to be there?


Edited by Regvard, 07 December 2013 - 09:45 PM.


#9 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 07 December 2013 - 09:57 PM

Those TDSS logs are 97 pages long. Posting the parts after scan finished. I can post the whole log if necessary.

 

This one found the first 3:

 

02:47:39.0774 0x0e8c  Detected object count: 3

02:47:39.0774 0x0e8c  Actual detected object count: 3

02:56:10.0601 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\AJQVF.exe - copied to quarantine

02:56:10.0633 0x0e8c  HKLM\SYSTEM\ControlSet001\services\AJQVF - will be deleted on reboot

02:56:10.0695 0x0e8c  HKLM\SYSTEM\ControlSet002\services\AJQVF - will be deleted on reboot

02:56:10.0820 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\AJQVF.exe - will be deleted on reboot

02:56:10.0820 0x0e8c  AJQVF ( UnsignedFile.Multi.Generic ) - User select action: Delete

02:56:10.0882 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\TCAIXIMCNLU.exe - copied to quarantine

02:56:10.0898 0x0e8c  HKLM\SYSTEM\ControlSet001\services\TCAIXIMCNLU - will be deleted on reboot

02:56:10.0976 0x0e8c  HKLM\SYSTEM\ControlSet002\services\TCAIXIMCNLU - will be deleted on reboot

02:56:10.0991 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\TCAIXIMCNLU.exe - will be deleted on reboot

02:56:10.0991 0x0e8c  TCAIXIMCNLU ( UnsignedFile.Multi.Generic ) - User select action: Delete

02:56:11.0054 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\TLZ.exe - copied to quarantine

02:56:11.0069 0x0e8c  HKLM\SYSTEM\ControlSet001\services\TLZ - will be deleted on reboot

02:56:11.0069 0x0e8c  HKLM\SYSTEM\ControlSet002\services\TLZ - will be deleted on reboot

02:56:11.0085 0x0e8c  C:\Users\orhang2\AppData\Local\Temp\TLZ.exe - will be deleted on reboot

02:56:11.0085 0x0e8c  TLZ ( UnsignedFile.Multi.Generic ) - User select action: Delete

02:56:11.0927 0x0e8c  KLMD registered as C:\Windows\system32\drivers\83860108.sys

02:56:14.0845 0x0df4  Deinitialize success

 

This found 10:

 

03:33:05.0934 0x094c  Scan finished

03:33:05.0934 0x094c  ============================================================

03:33:05.0949 0x0700  Detected object count: 10

03:33:05.0949 0x0700  Actual detected object count: 10

03:37:02.0715 0x0700  funfrm ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0715 0x0700  funfrm ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0715 0x0700  fussvc ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0715 0x0700  fussvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0746 0x0700  giveio ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0746 0x0700  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0746 0x0700  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0746 0x0700  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0809 0x0700  SecDrv ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0809 0x0700  SecDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0824 0x0700  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0824 0x0700  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0824 0x0700  Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0824 0x0700  Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0856 0x0700  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0856 0x0700  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0856 0x0700  vsbus ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0856 0x0700  vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:37:02.0871 0x0700  vserial ( UnsignedFile.Multi.Generic ) - skipped by user

03:37:02.0871 0x0700  vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip

03:39:05.0568 0x0a68  Deinitialize success



#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:27 PM

Posted 08 December 2013 - 01:19 PM

I wanted to reduce the number of automatic services running since I am already running another firewall and anti-virus. Not a good idea?

 

Definitely not. Except for Windows Defender, which is useless, all others are crucial Windows services.

Please restore all services you disabled and post a fresh FSS log so I can see all is back to normal.

 

I can see that TDSSKiller actually removed all of those suspicious files/services.

 

Firefox entries are fine since the last one says:

"network.proxy.type", 0 (Direct connection, no proxy)

 

Let's run a couple more tools...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


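Broni's point, that the manual host/port entries are inert while "network.proxy.type" is 0, can be checked mechanically rather than by eye. The following is an added example, not code from this thread or from Mozilla: it parses the network.proxy.* lines in the form posted above (and the user_pref(...) form a real prefs.js uses) and reports the effective proxy configuration; the type codes (0 direct, 1 manual, 2 PAC, 4 WPAD, 5 system) are Firefox's documented values.

```python
"""Report whether Firefox proxy prefs are actually in effect.

Added example, not part of the thread. Sample input is constructed from
the network.proxy.* lines posted earlier in this topic.
"""
import re

# Constructed sample: the prefs exactly as they appear in the posted log.
POSTED_PREFS = '''
"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", 0
"network.proxy.ftp", "72.64.146.136"
"network.proxy.ftp_port", 3128
"network.proxy.http", "72.64.146.136"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "72.64.146.136"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "72.64.146.136"
"network.proxy.ssl_port", 3128
"network.proxy.type", 0
'''

# Accepts both the bare `"key", value` form shown in the posted log and
# the `user_pref("key", value);` form found in a real prefs.js.
_PREF_RE = re.compile(
    r'^\s*(?:user_pref\()?"(?P<key>[^"]+)"\s*,\s*(?P<val>[^;)]*?)\s*\)?;?\s*$'
)

# Firefox's documented meanings of network.proxy.type.
PROXY_TYPES = {
    0: "direct (no proxy)",
    1: "manual proxy configuration",
    2: "PAC script (network.proxy.autoconfig_url)",
    4: "auto-detect via WPAD",
    5: "use system proxy settings",
}


def parse_prefs(text):
    """Return {pref_name: value}, converting JS literals to Python."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        raw = m.group("val").strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            val = raw[1:-1]                 # string literal
        elif raw in ("true", "false"):
            val = raw == "true"             # boolean literal
        else:
            try:
                val = int(raw)              # integer literal (ports, type)
            except ValueError:
                val = raw                   # leave anything else as text
        prefs[m.group("key")] = val
    return prefs


def effective_proxy(prefs):
    """Return (active, summary, endpoints).

    active    -- True only when Firefox itself would route traffic through
                 a configured proxy (manual type 1 with endpoints, or PAC).
    endpoints -- host:port per protocol found in the prefs, whether or not
                 they are in use; with type 0 they are present but inert,
                 which is the situation discussed in the thread.
    """
    ptype = prefs.get("network.proxy.type", 5)   # Firefox default is 5
    endpoints = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}", "")
        port = prefs.get(f"network.proxy.{proto}_port", 0)
        if host and port:
            endpoints[proto] = f"{host}:{port}"
    label = PROXY_TYPES.get(ptype, f"unknown type {ptype}")
    if ptype == 1 and endpoints:
        return True, f"ACTIVE: {label}", endpoints
    if ptype == 2:
        url = prefs.get("network.proxy.autoconfig_url", "<unset>")
        return True, f"ACTIVE: PAC script at {url}", endpoints
    if ptype in (4, 5):
        return False, f"{label} (inspect OS/WPAD settings separately)", endpoints
    if endpoints:
        return False, f"{label}; manual entries present but inert", endpoints
    return False, label, endpoints


if __name__ == "__main__":
    prefs = parse_prefs(POSTED_PREFS)
    active, summary, endpoints = effective_proxy(prefs)
    print(f"proxy active: {active}\nsummary: {summary}")
    for proto, ep in endpoints.items():
        print(f"  {proto:<6} {ep}")
```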


 


#11 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 08 December 2013 - 07:21 PM

Now I have 3 shady services running. I did some scans with a couple of other programs from the downloads section while waiting for you. Nothing was detected.

 

Those services are:

 

JXGUBCD

QZPGANHD

VJJW

 

They weren't there before.

 

I realized I had forgotten to enable Windows Firewall again. Did so after the security check. Seems to be working fine.

 

Security Check

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 HostsMan 4.0.87 Beta8   
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Out of date Malwarebytes Anti-Malware installed!
 CCleaner     
 Java 7 Update 25  
 Visual Studio Extensions for Windows Library for JavaScript
 Java version out of Date!
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Mozilla Thunderbird (24.1.1)
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
 Kaspersky Lab Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 



#12 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 08 December 2013 - 07:32 PM

# AdwCleaner v3.014 - Report created 09/12/2013 at 02:26:01

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

# Username : orhang2 - GOKTUG-PC

# Running from : C:\Users\orhang2\Desktop\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GOGPACKREUS_is1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\PIP

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\PIP

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16457

 

 

-\\ Mozilla Firefox v25.0.1 (en-US)

 

[ File : C:\Users\orhang2\AppData\Roaming\Mozilla\Firefox\Profiles\5hgt8a5f.default\prefs.js ]

 

 

[ File : C:\Users\orhang2\AppData\Roaming\Mozilla\Firefox\Profiles\qydtgkcf.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\orhang2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1937 octets] - [09/12/2013 02:24:26]

AdwCleaner[S0].txt - [1888 octets] - [09/12/2013 02:26:01]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1948 octets] ##########



#13 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 08 December 2013 - 07:38 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x86
Ran by orhang2 on 09.12.2013 at  2:35:37,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\orhang2\AppData\Roaming\mozilla\firefox\profiles\qydtgkcf.default\minidumps [203 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.12.2013 at  2:38:56,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:27 PM

Posted 08 December 2013 - 08:08 PM

When done with Eset...

 

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.
 

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.




 


#15 Regvard

Regvard
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:27 AM

Posted 09 December 2013 - 05:27 AM

Eset came up clean. Those strange services I mentioned earlier seem to be disabled and point to, from what I can tell, nonexistent exes with the same names in the temp folder.

 

Autoruns log:

 

http://www.sendspace.com/file/ulh7mr

 

I also ran an aswMBR scan. It found a suspicious user32.dll. Log is below.

 

Then I checked the file's hashes and uploaded and scanned it on VirusTotal; it returned a 0/48. Seems to be a false positive or something.

 

MD5: 7bd7f45ff37fa0669cd32ca0ef46e22c
SHA1: 03c47973f52800a6ae21f1a5992e331b4a9b2837
SHA256: 88cf562d5f8c803a4ff8db28c355073c58be6c02ce950149584749d2d72cc6de

 

ASWMBR Log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-12-09 18:19:43

-----------------------------

18:19:43.881    OS Version: Windows 6.1.7601 Service Pack 1

18:19:43.881    Number of processors: 2 586 0x170A

18:19:43.881    ComputerName: GOKTUG-PC  UserName: orhang2

18:19:44.926    Initialize success

18:20:11.269    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:20:11.269    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11

18:20:11.378    Disk 0 MBR read successfully

18:20:11.378    Disk 0 MBR scan

18:20:11.394    Disk 0 Windows 7 default MBR code

18:20:11.425    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       228880 MB offset 2048

18:20:11.425    Disk 0 Partition - 00     0F Extended LBA             76355 MB offset 468760635

18:20:11.456    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76355 MB offset 468760698

18:20:11.472    Disk 0 scanning sectors +625137345

18:20:11.534    Disk 0 scanning C:\Windows\system32\drivers

18:20:21.846    Service scanning

18:20:44.887    Modules scanning

18:20:54.621    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**

18:20:55.963    Disk 0 trace - called modules:

18:20:55.994    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys

18:20:55.994    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867a78f0]

18:20:56.025    3 CLASSPNP.SYS[8b60459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866cb030]

18:20:56.025    Scan finished successfully

18:21:30.175    Disk 0 MBR has been saved successfully to "C:\Users\orhang2\Desktop\MBR.dat"

18:21:30.206    The log file has been saved successfully to "C:\Users\orhang2\Desktop\aswMBR.txt"


Edited by Regvard, 09 December 2013 - 11:42 AM.




