
Strange drivers loaded, aswMBR and gmer crashing on file scan


  • This topic is locked
6 replies to this topic

#1 fyodor

fyodor

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 18 January 2014 - 02:17 AM

Posting new topic with logs here as instructed by quietman.

 

Old topic for more info: http://www.bleepingcomputer.com/forums/t/521153/strange-drivers-loaded-aswmbr-and-gmer-crashing-on-file-scan/

 

Basically I need help examining my logs to see if there's anything suspicious. Please tell me if I should post any other logs (hijackthis etc).

 

OTS:

http://pastebin.ca/2554870

 

DDS:

http://pastebin.ca/2554873

http://pastebin.ca/2554874

 

 

I've scanned with eset, avira, webroot, mbam, tdsskiller. Those found nothing.





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:06 PM

Posted 23 January 2014 - 02:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521193 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:06 AM

Posted 24 January 2014 - 08:19 PM

Hi and sorry for the delay.

 

Please run a FRST scan:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#4 fyodor

fyodor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:06 AM

Posted 25 January 2014 - 08:16 AM

Hi and sorry for the delay.

 

Please run a FRST scan:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 

 

Hi, here are the logs.

 

 

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Fyodor (administrator) on THINKPAD on 25-01-2014 17:10:35
Running from C:\Users\Fyodor\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(troubadix) C:\Program Files\TPFanControl\TPFanControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Privoxy\privoxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) C:\Autoruns\autoruns.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TPFanControl] - C:\Program Files\TPFanControl\TPFanControl.exe [156672 2013-02-02] (troubadix)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-18] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6C5437CBB9F8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.16.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ncr
CHR DefaultSearchProvider: Google (en)
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (YouTube) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Adblock Plus) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-19]
CHR Extension: (Google Search) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Gmail) - C:\Users\Fyodor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-18] (AVAST Software)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164888 2014-01-17] (Google Inc)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-18] ()
S4 bqbq; C:\Windows\SysWOW64\drivers\aotwz.sys [61440 2014-01-18] ()
S4 efavdrv; C:\Windows\system32\drivers\efavdrv.sys [139704 2013-12-07] (ESET)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S4 kejrrkd; C:\Windows\SysWOW64\drivers\dlqst.sys [61440 2014-01-18] ()
S4 kntgzks; C:\Windows\SysWOW64\drivers\qphgemt.sys [61440 2014-01-18] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-04-17] (Synaptics Incorporated)
S4 tfeghiu; C:\Windows\SysWOW64\drivers\bbqki.sys [61440 2014-01-18] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 cleanhlp; \??\C:\EEK\Run\cleanhlp64.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S4 MFE_RR; \??\C:\Users\Fyodor\AppData\Local\Temp\mfe_rr.sys [x]
S4 uzm2mzyy; \??\C:\Windows\system32\Drivers\uzm2mzyy.sys [x]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswMonFlt.sys 9C2BEA3957EFFD45F352F0938DFB3721
C:\Windows\System32\Drivers\aswRvrt.sys C04F7B373881009D7994D9BF55D24AB4
C:\Windows\system32\drivers\aswSnx.sys 52B5F8FAF7E78C02D26B0B6E3A05F596
C:\Windows\system32\drivers\aswSP.sys 251360C2FCA22BAFE0583314B3262F98
C:\Windows\System32\Drivers\aswVmm.sys 90399625F341AB76BA4B85A5E860EB1F
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\aotwz.sys 589312A3B46721C5A751E4D5222A89BE
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\CHDRT64.sys 5BEC441B6B91E874C987C06F98176D90
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\System32\DRIVERS\e1c62x64.sys 03F4C5C12FC1C69F838DA723475EF650
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\efavdrv.sys 31BF254A77400BAEFFBC420DB348A6B5
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gfiark.sys 4EA5458FCA8518344686C543749365B1
C:\Windows\System32\drivers\gfiutil.sys 16A23FF8621929ADC5B18DCCD5E206EE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys CCFA835960E35F30D28A868E0B3B8722
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\ibmpmdrv.sys B005844661028E11480D724A709CC298
C:\Windows\System32\DRIVERS\igdkmd64.sys B9857625DF8B539ABCB90E15B5716568
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\dlqst.sys 589312A3B46721C5A751E4D5222A89BE
C:\Windows\SysWOW64\drivers\qphgemt.sys 589312A3B46721C5A751E4D5222A89BE
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smiifx64.sys 2B9D8555DC004E240082D18E7725CE20
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psadd.sys 05A4779E4994B21473EDBE85AABE8030
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\Drivers\pssdk42.sys CD33CB6FECF65520466F95AB89CC4AF5
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\risdxc64.sys 5A227511ED22DDFEDF7EF7323C8F7D2F
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rtl8192Ce.sys 6BC5C9EDC130A9A07B9B780045668AC4
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys 05443078777475EC8F0B6CFEA533EC57
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AEAE48AF681BAF5904608FF5D84E3C9C
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\bbqki.sys 589312A3B46721C5A751E4D5222A89BE
C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TVicPort64.sys A65643ED30A30E46317C0B25818BC9B7
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39
C:\Windows\system32\drivers\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-25 17:10 - 2014-01-25 17:10 - 02077696 _____ (Farbar) C:\Users\Fyodor\Desktop\FRST64.exe
2014-01-25 17:10 - 2014-01-25 17:10 - 00025781 _____ C:\Users\Fyodor\Desktop\FRST.txt
2014-01-23 16:56 - 2014-01-25 10:44 - 00000392 _____ C:\Windows\setupact.log
2014-01-23 16:56 - 2014-01-23 16:56 - 00377648 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-23 16:56 - 2014-01-23 16:56 - 00000000 _____ C:\Windows\setuperr.log
2014-01-23 08:54 - 2014-01-23 08:54 - 00099128 _____ C:\Users\Fyodor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 22:43 - 2014-01-21 22:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-20 21:30 - 2014-01-25 11:54 - 00149317 _____ C:\Windows\WindowsUpdate.log
2014-01-19 19:34 - 2014-01-19 19:34 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Tarrasch
2014-01-19 19:33 - 2014-01-19 19:36 - 00000000 ____D C:\Users\Fyodor\Documents\Tarrasch
2014-01-19 15:03 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-01-19 15:03 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-18 21:26 - 2014-01-18 21:26 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-18 07:12 - 2014-01-18 07:12 - 00061440 _____ C:\Windows\SysWOW64\Drivers\qphgemt.sys
2014-01-18 07:12 - 2014-01-18 07:12 - 00000050 _____ C:\Windows\ppvr.txt
2014-01-18 07:09 - 2014-01-18 07:09 - 00061440 _____ C:\Windows\SysWOW64\Drivers\aotwz.sys
2014-01-18 07:09 - 2014-01-18 07:09 - 00000050 _____ C:\Windows\SysWOW64\pimuqdx.txt
2014-01-18 01:54 - 2014-01-18 01:54 - 00061440 _____ C:\Windows\SysWOW64\Drivers\dlqst.sys
2014-01-18 01:54 - 2014-01-18 01:54 - 00000050 _____ C:\Windows\xfgtuir.txt
2014-01-18 01:12 - 2014-01-18 01:12 - 00061440 _____ C:\Windows\SysWOW64\Drivers\bbqki.sys
2014-01-18 01:12 - 2014-01-18 01:12 - 00000050 _____ C:\Windows\hfbh.txt
2014-01-18 01:11 - 2014-01-18 07:15 - 00000000 ____D C:\ProgramData\Doctor Web
2014-01-17 23:22 - 2014-01-17 23:22 - 00021177 _____ C:\ComboFix.txt
2014-01-17 21:30 - 2014-01-17 21:31 - 00000000 ____D C:\AdwCleaner
2014-01-17 21:17 - 2014-01-18 21:27 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\AVAST Software
2014-01-17 21:16 - 2014-01-20 16:42 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-17 21:16 - 2014-01-18 21:26 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-17 21:02 - 2014-01-17 21:02 - 01128472 _____ (Google Inc.) C:\Windows\system32\GoogleInputTools.ime
2014-01-17 21:02 - 2014-01-17 21:02 - 00984088 _____ (Google Inc.) C:\Windows\SysWOW64\GoogleInputTools.ime
2014-01-17 21:01 - 2014-01-17 21:01 - 00000000 ____D C:\Program Files (x86)\Privoxy
2014-01-16 21:53 - 2014-01-16 21:53 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Windows Assessment Console
2014-01-16 21:38 - 2014-01-17 19:49 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-16 18:46 - 2014-01-16 18:47 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Dataram_Corporation
2014-01-15 22:42 - 2014-01-15 22:42 - 00040826 _____ C:\Windows\system32\energy-report.html
2014-01-15 21:37 - 2014-01-15 21:45 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Abelssoft
2014-01-15 21:00 - 2013-11-26 15:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 17:42 - 2014-01-15 18:50 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\gsmartcontrol
2014-01-15 15:33 - 2014-01-15 15:33 - 00000055 _____ C:\Users\Fyodor\AppData\Roaming\mbam.context.scan
2014-01-15 15:14 - 2014-01-15 15:14 - 00000000 ____D C:\ProgramData\Licenses
2014-01-15 15:00 - 2013-11-27 05:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 15:00 - 2013-11-27 05:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 15:00 - 2013-11-26 14:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 14:53 - 2014-01-24 19:46 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\vlc
2014-01-13 17:13 - 2012-10-09 12:27 - 00409088 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn140.dll
2014-01-13 17:13 - 2012-10-09 12:22 - 00409600 _____ C:\Windows\SysWOW64\hpcc3140.DLL
2014-01-13 04:10 - 2011-01-14 10:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-01-13 04:09 - 2013-11-07 18:46 - 00066856 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2014-01-13 04:09 - 2013-11-07 18:46 - 00060712 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2014-01-13 04:09 - 2013-11-07 18:46 - 00054528 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2014-01-13 04:09 - 2013-11-07 18:46 - 00040232 _____ (Lenovo.) C:\Windows\system32\tpinspm.dll
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\LSC
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Lenovo
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Local\LSC
2014-01-13 01:03 - 2014-01-17 21:26 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-13 00:42 - 2014-01-13 00:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-13 00:03 - 2014-01-13 00:04 - 00000000 ____D C:\Program Files\stinger
2014-01-12 23:54 - 2014-01-23 16:50 - 00000000 ____D C:\Users\Fyodor\AppData\Local\CrashDumps
2014-01-12 21:04 - 2014-01-12 21:50 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Ghostbuster
2014-01-12 21:02 - 2014-01-13 02:12 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Deployment
2014-01-01 19:55 - 2014-01-14 14:47 - 00000000 ____D C:\ProgramData\Soluto
2014-01-01 19:55 - 2014-01-01 20:07 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-01-01 19:28 - 2014-01-01 19:30 - 00000000 ____D C:\Program Files (x86)\trend micro
2014-01-01 19:28 - 2014-01-01 19:28 - 00000000 ____D C:\rsit
2014-01-01 18:37 - 2014-01-01 18:37 - 00003408 ____N C:\bootsqm.dat
2014-01-01 18:29 - 2014-01-13 02:04 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-01 18:10 - 2014-01-01 18:10 - 00000000 ____D C:\Program Files\TPFanControl
 
==================== One Month Modified Files and Folders =======
 
2014-01-25 17:10 - 2014-01-25 17:10 - 02077696 _____ (Farbar) C:\Users\Fyodor\Desktop\FRST64.exe
2014-01-25 17:10 - 2014-01-25 17:10 - 00025781 _____ C:\Users\Fyodor\Desktop\FRST.txt
2014-01-25 17:04 - 2013-01-22 14:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 14:04 - 2013-01-22 14:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 13:24 - 2009-07-14 09:13 - 00783254 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 11:54 - 2014-01-20 21:30 - 00149317 _____ C:\Windows\WindowsUpdate.log
2014-01-25 10:52 - 2009-07-14 08:45 - 00022544 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 10:52 - 2009-07-14 08:45 - 00022544 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 10:44 - 2014-01-23 16:56 - 00000392 _____ C:\Windows\setupact.log
2014-01-25 10:44 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 19:46 - 2014-01-14 14:53 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\vlc
2014-01-23 16:56 - 2014-01-23 16:56 - 00377648 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-23 16:56 - 2014-01-23 16:56 - 00000000 _____ C:\Windows\setuperr.log
2014-01-23 16:50 - 2014-01-12 23:54 - 00000000 ____D C:\Users\Fyodor\AppData\Local\CrashDumps
2014-01-23 08:54 - 2014-01-23 08:54 - 00099128 _____ C:\Users\Fyodor\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-21 22:57 - 2013-03-03 16:25 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\TeamViewer
2014-01-21 22:53 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-21 22:43 - 2014-01-21 22:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-20 17:05 - 2013-01-22 20:32 - 00007616 _____ C:\Users\Fyodor\AppData\Local\Resmon.ResmonCfg
2014-01-20 16:42 - 2014-01-17 21:16 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-19 19:36 - 2014-01-19 19:33 - 00000000 ____D C:\Users\Fyodor\Documents\Tarrasch
2014-01-19 19:34 - 2014-01-19 19:34 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Tarrasch
2014-01-19 19:33 - 2013-01-22 14:26 - 00000000 ____D C:\Users\Fyodor
2014-01-19 19:31 - 2013-07-12 20:49 - 00000000 ____D C:\File Checksum Integrity Verifier
2014-01-19 19:30 - 2013-12-17 23:39 - 00000000 ____D C:\Program Files (x86)\Tarrasch
2014-01-18 21:27 - 2014-01-17 21:17 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\AVAST Software
2014-01-18 21:26 - 2014-01-18 21:26 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-18 21:26 - 2014-01-18 21:26 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-18 21:26 - 2014-01-18 21:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-18 21:26 - 2014-01-17 21:16 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-18 21:25 - 2013-07-24 21:51 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-18 07:15 - 2014-01-18 01:11 - 00000000 ____D C:\ProgramData\Doctor Web
2014-01-18 07:12 - 2014-01-18 07:12 - 00061440 _____ C:\Windows\SysWOW64\Drivers\qphgemt.sys
2014-01-18 07:12 - 2014-01-18 07:12 - 00000050 _____ C:\Windows\ppvr.txt
2014-01-18 07:09 - 2014-01-18 07:09 - 00061440 _____ C:\Windows\SysWOW64\Drivers\aotwz.sys
2014-01-18 07:09 - 2014-01-18 07:09 - 00000050 _____ C:\Windows\SysWOW64\pimuqdx.txt
2014-01-18 01:54 - 2014-01-18 01:54 - 00061440 _____ C:\Windows\SysWOW64\Drivers\dlqst.sys
2014-01-18 01:54 - 2014-01-18 01:54 - 00000050 _____ C:\Windows\xfgtuir.txt
2014-01-18 01:12 - 2014-01-18 01:12 - 00061440 _____ C:\Windows\SysWOW64\Drivers\bbqki.sys
2014-01-18 01:12 - 2014-01-18 01:12 - 00000050 _____ C:\Windows\hfbh.txt
2014-01-18 00:49 - 2012-08-15 19:00 - 00000000 ____D C:\Windows\erdnt
2014-01-18 00:43 - 2013-10-02 21:18 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-17 23:22 - 2014-01-17 23:22 - 00021177 _____ C:\ComboFix.txt
2014-01-17 23:21 - 2009-07-14 06:34 - 00000215 _____ C:\Windows\system.ini
2014-01-17 23:06 - 2009-07-14 09:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-17 21:32 - 2013-07-25 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-17 21:31 - 2014-01-17 21:30 - 00000000 ____D C:\AdwCleaner
2014-01-17 21:26 - 2014-01-13 01:03 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-17 21:03 - 2013-01-22 14:40 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Google
2014-01-17 21:02 - 2014-01-17 21:02 - 01128472 _____ (Google Inc.) C:\Windows\system32\GoogleInputTools.ime
2014-01-17 21:02 - 2014-01-17 21:02 - 00984088 _____ (Google Inc.) C:\Windows\SysWOW64\GoogleInputTools.ime
2014-01-17 21:02 - 2013-02-04 20:44 - 00000000 ____D C:\ProgramData\Google
2014-01-17 21:02 - 2013-01-22 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-17 21:01 - 2014-01-17 21:01 - 00000000 ____D C:\Program Files (x86)\Privoxy
2014-01-17 19:54 - 2013-11-06 08:54 - 00000000 ____D C:\Users\Guest
2014-01-17 19:54 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\registration
2014-01-17 19:49 - 2014-01-16 21:38 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-16 21:53 - 2014-01-16 21:53 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Windows Assessment Console
2014-01-16 21:05 - 2013-12-14 14:37 - 00000000 ___DC C:\Users\Fyodor\AppData\Local\MigWiz
2014-01-16 18:47 - 2014-01-16 18:46 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Dataram_Corporation
2014-01-15 22:42 - 2014-01-15 22:42 - 00040826 _____ C:\Windows\system32\energy-report.html
2014-01-15 21:45 - 2014-01-15 21:37 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Abelssoft
2014-01-15 21:03 - 2012-08-09 16:14 - 00759668 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-15 21:01 - 2013-07-29 00:03 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 21:00 - 2012-08-09 18:19 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:50 - 2014-01-15 17:42 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\gsmartcontrol
2014-01-15 15:33 - 2014-01-15 15:33 - 00000055 _____ C:\Users\Fyodor\AppData\Roaming\mbam.context.scan
2014-01-15 15:14 - 2014-01-15 15:14 - 00000000 ____D C:\ProgramData\Licenses
2014-01-14 14:47 - 2014-01-01 19:55 - 00000000 ____D C:\ProgramData\Soluto
2014-01-14 01:22 - 2012-08-10 15:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-14 00:06 - 2013-03-23 15:20 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-13 23:09 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-13 02:12 - 2014-01-12 21:02 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Deployment
2014-01-13 02:04 - 2014-01-01 18:29 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-13 02:04 - 2009-07-14 06:34 - 00000439 _____ C:\Windows\win.ini
2014-01-13 01:18 - 2012-08-09 16:19 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2014-01-13 01:18 - 2012-08-09 16:19 - 00000000 ____D C:\Program Files\Lenovo
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\LSC
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Lenovo
2014-01-13 01:16 - 2014-01-13 01:16 - 00000000 ____D C:\Users\Fyodor\AppData\Local\LSC
2014-01-13 01:16 - 2013-01-31 20:59 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Adobe
2014-01-13 01:16 - 2013-01-31 20:59 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Adobe
2014-01-13 01:16 - 2012-08-09 16:48 - 00000000 ____D C:\ldiag
2014-01-13 01:15 - 2012-08-09 16:19 - 00000000 ____D C:\Windows\Downloaded Installations
2014-01-13 00:56 - 2014-01-13 00:42 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-13 00:37 - 2013-01-22 14:39 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Skype
2014-01-13 00:04 - 2014-01-13 00:03 - 00000000 ____D C:\Program Files\stinger
2014-01-12 23:53 - 2013-12-07 16:49 - 00000000 ____D C:\ProgramData\WRData
2014-01-12 21:50 - 2014-01-12 21:04 - 00000000 ____D C:\Users\Fyodor\AppData\Roaming\Ghostbuster
2014-01-12 21:50 - 2013-02-06 22:17 - 00000000 ____D C:\Users\Fyodor\AppData\Local\Apps\2.0
2014-01-12 18:12 - 2013-11-15 14:29 - 00000000 ____D C:\Program Files (x86)\CleanMem
2014-01-12 18:12 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\security
2014-01-06 17:54 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\rescache
2014-01-04 10:12 - 2013-11-18 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2014-01-01 20:07 - 2014-01-01 19:55 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-01-01 19:30 - 2014-01-01 19:28 - 00000000 ____D C:\Program Files (x86)\trend micro
2014-01-01 19:28 - 2014-01-01 19:28 - 00000000 ____D C:\rsit
2014-01-01 18:37 - 2014-01-01 18:37 - 00003408 ____N C:\bootsqm.dat
2014-01-01 18:10 - 2014-01-01 18:10 - 00000000 ____D C:\Program Files\TPFanControl
2014-01-01 16:22 - 2012-08-10 01:56 - 00000000 ____D C:\Windows\Panther
2013-12-31 22:18 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system
 
Some content of TEMP:
====================
C:\Users\Fyodor\AppData\Local\temp\xReflect.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  boot
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {728993aa-c06c-11e2-8bf2-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {728993aa-c06c-11e2-8bf2-806e6f6e6963}
nx                      OptIn
pae                     ForceDisable
quietboot               No
 
Resume from Hibernate
---------------------
identifier              {728993aa-c06c-11e2-8bf2-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  boot
path                    \Boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {1f8184a5-14de-11df-9734-f08c6d8c50b0}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\1f8184a4-14de-11df-9734-f08c6d8c50b0\boot.sdi
 
 
 
LastRegBack: 2014-01-19 15:41
 
==================== End Of Log ============================
 
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Fyodor at 2014-01-25 17:10:54
Running from C:\Users\Fyodor\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 3.3.0.29342 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
CCleaner (Version: 3.28 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CleanMem (x32 Version: v2.4.3 - PcWinTech.com)
Conexant 20672 SmartAudio HD (Version: 8.32.23.5 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DjVuLibre+DjView (x32 Version: 3.5.25.3+4.9 - DjVuZone)
FastStone Image Viewer 4.8 (x32 Version: 4.8 - FastStone Soft)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Input Russian (Version:  - Google Inc.)
Google Input Tools (Version:  - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Network Connections Drivers (Version: 16.8 - Intel)
Intel® Processor Graphics (x32 Version: 9.17.10.2843 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (x32 Version: 2.1.1 - Oracle Corporation)
Lenovo Patch Utility (x32 Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (Version: 1.67.04.04 - )
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo System Update (x32 Version: 5.03.0005 - Lenovo)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2010, версия для дома и учебы (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Access MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office ScreenTip Language 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit MUI (Russian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Russian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
On Screen Display (Version: 6.70.00 - )
Privoxy (remove only) (x32 Version:  - )
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Speccy (Version: 1.20 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tarrasch Chess GUI V2.02ar (x32 Version:  - Triple Happy Ltd.)
ThinkPad UltraNav Driver (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (x32 Version: 2.13.0 - Lenovo)
ThinkPad Wireless LAN Adapter Software (x32 Version: 1.00.0031.1 - )
TPFanControl v0.63 (Version:  - troubadix)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Цитата из Библии (BibleQuote) 5.01 (x32 Version:  - JesusChrist.ru)
 
==================== Restore Points  =========================
 
20-01-2014 13:43:55 Scheduled Checkpoint
23-01-2014 04:51:46 Installed Macrium Reflect Free Edition
23-01-2014 12:37:04 Removed Macrium Reflect Free Edition
 
==================== Hosts content: ==========================
 
2009-07-14 06:34 - 2013-10-23 21:37 - 00000054 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
192.168.20.100 lm-sr-server
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {00AC4696-F6A4-4C37-8D28-6C8E9A548FBA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {3895F57A-3971-43C4-85D1-2E0A4C8D5F11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-18] (AVAST Software)
Task: {4CFD047F-1858-495B-98AB-53F34A824DB4} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-17] (Synaptics Incorporated)
Task: {60777134-FE56-484F-A86D-8043FD13EF01} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {B745F3DE-D22B-4A57-BB81-02D1A5B9D748} - \Microsoft\Windows\Defrag\ScheduledDefrag No Task File
Task: {DEC86BF0-F666-4506-9B38-9BCD80FCAB73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)
Task: {F55C6650-8730-4B7F-B249-3F755C620B55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)
Task: {FC091CCD-753A-40CD-AF3B-FD4DF558A14D} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-21] (PcWinTech.com)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-07 04:07 - 2011-03-07 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-25 14:46 - 2014-01-25 12:26 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012500\algo.dll
2014-01-18 21:26 - 2014-01-18 21:26 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-08 18:48 - 2013-03-08 18:48 - 00086528 _____ () C:\Program Files (x86)\Privoxy\mgwz.dll
2014-01-17 21:03 - 2014-01-11 14:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-17 21:03 - 2014-01-11 14:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-17 21:03 - 2014-01-11 14:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-17 21:03 - 2014-01-11 14:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-17 21:03 - 2014-01-11 14:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74188782.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74188782.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2014 07:33:02 PM) (Source: MsiInstaller) (User: THINKPAD)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011006}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/23/2014 04:52:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/23/2014 04:50:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: wnmuueox.exe, version: 2.1.19355.0, time stamp: 0x52dedef9
Faulting module name: wnmuueox.exe, version: 2.1.19355.0, time stamp: 0x52dedef9
Exception code: 0xc0000005
Fault offset: 0x00012298
Faulting process id: 0x1294
Faulting application start time: 0xwnmuueox.exe0
Faulting application path: wnmuueox.exe1
Faulting module path: wnmuueox.exe2
Report Id: wnmuueox.exe3
 
Error: (01/23/2014 08:54:31 AM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/">.
 
Error: (01/23/2014 08:52:39 AM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/">.
 
Error: (01/20/2014 08:54:30 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/">.
 
Error: (01/20/2014 08:04:51 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/">.
 
Error: (01/20/2014 04:40:12 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/">.
 
Error: (01/20/2014 04:40:07 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 04:40:07 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/25/2014 10:44:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 04:26:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 10:48:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 08:39:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 08:21:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (01/24/2014 08:21:53 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2014 07:33:02 PM) (Source: MsiInstaller)(User: THINKPAD)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)
 
Error: (01/23/2014 04:52:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\HBCD\Programs\Antivirus and diagnostics\esetsmartinstaller_enu.exe
 
Error: (01/23/2014 04:50:49 PM) (Source: Application Error)(User: )
Description: wnmuueox.exe2.1.19355.052dedef9wnmuueox.exe2.1.19355.052dedef9c000000500012298129401cf1839017b893eC:\Users\Fyodor\Desktop\wnmuueox.exeC:\Users\Fyodor\Desktop\wnmuueox.exefba4de80-842c-11e3-8c83-0021cc652350
 
Error: (01/23/2014 08:54:31 AM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/
 
Error: (01/23/2014 08:52:39 AM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/
 
Error: (01/20/2014 08:54:30 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/
 
Error: (01/20/2014 08:04:51 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/
 
Error: (01/20/2014 04:40:12 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-3953638484-3784769289-2280066693-1012}/
 
Error: (01/20/2014 04:40:07 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 04:40:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-18 00:55:25.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Fyodor\AppData\Local\temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-18 00:55:25.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Fyodor\AppData\Local\temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 3979.23 MB
Available physical RAM: 2586.18 MB
Total Pagefile: 3977.41 MB
Available Pagefile: 2410.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:71.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: D9939F74)
Partition 1: (Not Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by fyodor, 25 January 2014 - 08:18 AM.


#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:06 AM

Posted 25 January 2014 - 07:15 PM

Hi,
 
what was the reason to examine your loaded drivers to begin with?
Do you experience any symptoms that point to the possible presence of malware? Or is everything running smoothly?
I see traces from a lot of security programs in your log (also in the driver section). These security programs often create randomized drivers ("gibberish" as you call them) themselves. So could it be that you dug out drivers or traces of drivers from other security tools that you are running or have run?
 
 
Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Reboot your computer now.



Step 2

Start FRST again with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
  • Please copy and paste this log in your next reply.
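As an added illustration of the point made above about randomized driver names (this is not code from the thread, from FRST or from any tool mentioned in it), the following PowerShell snippet triages SafeBoot driver entries of the kind the log lists (74188782.sys under SafeBoot\Minimal and SafeBoot\Network): for each entry it looks up the matching service, resolves the driver on disk, checks the Authenticode signature and flags names that look machine-generated. It assumes PowerShell 3 or later running elevated; the helper name Resolve-DriverPath and the "looks random" regex are choices made here, not anything FRST reports.

```powershell
# Added example (not from the thread, FRST or any mentioned tool): triage SafeBoot
# driver entries such as 74188782.sys. Requires PowerShell 3+ in an elevated session.

$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Turn a service ImagePath as stored in the registry into a normal Win32 path.
# (Helper name chosen for this example.)
function Resolve-DriverPath {
    param([string]$ImagePath, [string]$FallbackName)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        # No service record: assume the usual driver directory.
        return (Join-Path $env:SystemRoot "System32\drivers\$FallbackName")
    }
    $p = $ImagePath.Trim('"') -replace '^\\\?\?\\', ''      # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot         # expand \SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$results = foreach ($mode in 'Minimal', 'Network') {
    $key = Join-Path $safeBootRoot $mode
    foreach ($entry in Get-ChildItem -Path $key -ErrorAction SilentlyContinue) {
        $name = $entry.PSChildName
        if ($name -notlike '*.sys') { continue }              # skip {GUID} class entries
        $svcName   = $name -replace '\.sys$', ''
        $svcKey    = Join-Path $servicesRoot $svcName
        $imagePath = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
        $path      = Resolve-DriverPath -ImagePath $imagePath -FallbackName $name
        $onDisk    = Test-Path -LiteralPath $path
        if ($onDisk) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()                  # Valid, NotSigned, HashMismatch, ...
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        } else {
            $status = 'FileMissing'
            $signer = ''
        }
        [PSCustomObject]@{
            SafeBoot    = $mode
            Entry       = $name
            LooksRandom = ($name -match '^[0-9a-f]{6,}\.sys$') # heuristic only
            HasService  = (Test-Path $svcKey)
            Path        = $path
            OnDisk      = $onDisk
            Signature   = $status
            Signer      = $signer
        }
    }
}

$results | Format-Table -AutoSize
```

Rows with LooksRandom set, no matching service, a missing file, or a NotSigned/HashMismatch status are the ones worth a second look. As the post above notes, anti-rootkit and antivirus tools routinely leave such entries behind (the unsigned temp\mbr.sys in the log's CodeIntegrity errors is the same pattern), so correlate each hit with the security tools installed or recently run before treating it as hostile.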


#6 fyodor

fyodor
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:06 AM

Posted 26 January 2014 - 02:41 PM

Hi,

 

Well, I haven't really noticed any signs of malware. Thanks for the fixlogfile. I don't think it's necessary to go any further and this topic may be closed.



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:06 AM

Posted 28 January 2014 - 01:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



