Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

virus will never be removed


  • This topic is locked This topic is locked
4 replies to this topic

#1 Belal

Belal

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:38 PM

Posted 29 October 2014 - 03:41 PM

hello guys i have this virus on my computer when opening any application or .exe file getting some files called srvsrvsrvsrv something like 1000 file , also mgrmgrmgrmgr 1000 too and Its opening at the Task Manager too and slowing the pc very much
this is the dds
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 11.25.2
Run by Deadly at 22:33:01 on 2014-10-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.20.1033.18.3326.1456 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\lsm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Ela-Salaty\Salaty.exe
C:\Program Files\Wonderful\wonderfl.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = c:\windows\system32\userinit.exe,,userinit.exe,c:\program files\aboulhvv\ihghvhfm.exe,c:\windows\system32\c:\program files\microsoft\desktoplayersrv.exe,c:\windows\system32\c:\program files\microsoft\desktoplayermgrsrvmgrsrvmgrsrv.exe,c:\windows\system32\c:\program files\microsoft\desktoplayer.exe,d:\games\online games\league of legends\rads\projects\lol_air_client\releases\0.0.1.115\deploy\lolclientsrvsrvsrvsrv.exe,d:\games\online games\league of legends\rads\projects\lol_launcher\releases\0.0.0.224\deploy\lollaunchersrvsrvsrvsrv.exe,d:\games\online games\league of legends\rads\projects\lol_launcher\releases\0.0.0.224\deploy\lollaunchersrvsrvsrv.exe,c:\windows\system32\winlogonsrvmgrsrv.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_25\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [MK LOL] "c:\program files\mkjogo\mk im\bin\MKIM.exe" -auto
uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
StartupFolder: c:\users\deadly\appdata\roaming\micros~1\windows\startm~1\programs\startup\ela-sa~1.lnk - c:\program files\ela-salaty\Salaty.exe
StartupFolder: c:\users\deadly\appdata\roaming\micros~1\windows\startm~1\programs\startup\thewon~1.lnk - c:\program files\wonderful\wonderfl.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
TCP: Interfaces\{FDA486F3-3CB0-42DC-A883-51DD9781C2DD} : NameServer = 163.121.128.134,163.121.128.135
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= d:\mbots\crashh~1\detour.dll d:\mbots\crashh~1\detour.dll d:\mbots\crashh~1\detour.dll d:\mbots\crashh~1\detour.dll d:\mbots\crashh~1\detour.dll d:\mbots\unbrea~1\detour.dll d:\mbots\_deadly\detour.dll d:\mbots\_deadly_\detour.dll d:\mbots\deadly_\detour.dll d:\mbots\lethal\detour.dll d:\mbots\maira\detour.dll d:\mbots\tron\detour.dll d:\mbots\_deadly\detour.dll
SSODL: WebCheck - <orphaned>
STS: AveVistaBackgroundFolder Class - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - c:\users\deadly\downloads\avefolderbg\avefolderbg\windows 7\avefolderbgw732bit\VistaFolderBackground.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deadly\appdata\roaming\mozilla\firefox\profiles\7u9cbf0b.default\
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\deadly\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_189.dll
FF - ExtSQL: 2014-10-02 01:12; mozilla_cc@internetdownloadmanager.com; c:\users\deadly\appdata\roaming\idm\idmmzcc5
FF - ExtSQL: 2014-10-02 02:15; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2014-10-25 21:31; {ABDE892B-13A8-4d1b-88E6-365A6E755758}; c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2014-10-28 15:07; firefox-hotfix@mozilla.org; c:\users\deadly\appdata\roaming\mozilla\firefox\profiles\7u9cbf0b.default\extensions\firefox-hotfix@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-10-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-10-2 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-10-2 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-10-2 414520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-2 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-10-2 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-2 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-10-2 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-10-9 107488]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-10-2 4799760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-10-6 85520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2014-10-2 643656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S2 Update Framed Display;Update Framed Display;"c:\program files\framed display\updateframeddisplay.exe" --> c:\program files\framed display\updateFramedDisplay.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-10-12 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TGBMPEnum;TheGreenBow VPN Miniport Enumerator;c:\windows\system32\drivers\TGBMPEnum.sys [2013-11-27 32440]
S3 TGBVPNVirtM;TheGreenBow Virtual Miniport;c:\windows\system32\drivers\TGBVPNVirtM.sys [2013-11-27 113336]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-29 09:31:15 -------- d-----w- c:\users\deadly\appdata\roaming\PDAppFlex
2014-10-29 09:30:45 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-10-29 09:28:17 -------- d-----w- c:\programdata\Package Cache
2014-10-28 10:34:04 167769 ----a-w- c:\windows\system32\DllHostSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-28 08:59:15 -------- d-----w- c:\program files\Clownfish
2014-10-27 13:15:32 -------- d-----w- c:\program files\VideoLAN
2014-10-27 11:33:16 167769 ----a-w- c:\windows\system32\servicesSrvSrvSrvSrvSrv.exe
2014-10-27 11:33:09 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-27 11:33:09 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-27 10:58:31 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-27 10:58:30 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrv.exe
2014-10-27 10:58:30 167769 ----a-w- c:\windows\system32\winlogonSrvSrv.exe
2014-10-27 10:58:30 167769 ----a-w- c:\windows\system32\wininitSrvSrv.exe
2014-10-27 10:03:47 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvmgr.exe
2014-10-27 10:01:30 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvmgrSrvSrvmgr.exe
2014-10-27 09:31:37 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvSrv.exe
2014-10-27 09:31:37 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvSrvSrv.exe
2014-10-27 09:31:37 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvmgr.exe
2014-10-27 09:31:37 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvmgrSrvSrvSrvmgr.exe
2014-10-27 09:31:36 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrv.exe
2014-10-27 09:31:27 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrv.exe
2014-10-27 09:31:25 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgr.exe
2014-10-27 09:31:24 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrv.exe
2014-10-27 09:31:24 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrv.exe
2014-10-27 09:31:22 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrv.exe
2014-10-27 09:23:51 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvSrvSrvSrvSrv.exe
2014-10-27 09:09:38 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvmgrSrv.exe
2014-10-26 20:50:04 -------- d-----w- c:\users\deadly\appdata\roaming\Mikrotik
2014-10-26 10:51:05 167769 ----a-w- c:\windows\system32\servicesSrvSrvSrv.exe
2014-10-26 10:51:04 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvmgrSrvSrv.exe
2014-10-26 10:51:04 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvmgrSrvSrv.exe
2014-10-26 10:51:04 167769 ----a-w- c:\windows\system32\winlogonSrvSrvmgrSrvSrvSrv.exe
2014-10-26 10:51:03 167769 ----a-w- c:\windows\system32\servicesSrvSrv.exe
2014-10-26 10:48:59 167769 ----a-w- c:\windows\system32\userinitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-25 20:00:26 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrv.exe
2014-10-25 20:00:26 108544 ----a-w- c:\windows\system32\winlogonSrvSrvmgr.exe
2014-10-25 20:00:26 108544 ----a-w- c:\windows\system32\wininitSrvmgr.exe
2014-10-25 20:00:25 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-25 13:19:04 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-25 13:18:41 -------- d-----w- c:\programdata\Oracle
2014-10-24 20:54:44 -------- d-----w- c:\program files\common files\xing shared
2014-10-23 16:47:43 -------- d-----w- c:\users\deadly\appdata\roaming\Baidu Security
2014-10-23 16:47:42 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2014-10-21 20:01:10 -------- d-----w- c:\windows\AYLTVN
2014-10-21 20:00:26 -------- d-----w- c:\users\deadly\appdata\roaming\IDM
2014-10-21 20:00:03 227840 ----a-w- c:\windows\Patch.exe
2014-10-19 05:57:30 -------- d-sh--w- c:\users\deadly\appdata\local\EmieUserList
2014-10-19 05:57:30 -------- d-sh--w- c:\users\deadly\appdata\local\EmieSiteList
2014-10-18 18:41:25 -------- d-----w- c:\program files\Tasker
2014-10-16 03:03:42 -------- d-----w- c:\windows\system32\%ProgramFiles%
2014-10-15 16:51:05 -------- d-----w- c:\users\deadly\appdata\roaming\DRPSu
2014-10-14 15:33:29 -------- d-----w- c:\users\deadly\appdata\local\Research In Motion
2014-10-14 15:33:28 -------- d-----w- c:\users\deadly\appdata\roaming\Research In Motion
2014-10-14 15:32:05 35840 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2014-10-14 15:31:40 -------- d-----w- c:\programdata\Research In Motion
2014-10-14 15:31:21 -------- d-----w- c:\program files\Research In Motion
2014-10-14 15:31:21 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2014-10-14 15:31:21 -------- d-----w- c:\program files\common files\Research In Motion
2014-10-13 11:52:25 -------- d-----w- c:\users\deadly\appdata\roaming\Systweak
2014-10-13 11:52:09 -------- d-----w- c:\program files\RegClean Pro
2014-10-13 11:51:26 2641920 ----a-w- c:\windows\system32\CShell.dll
2014-10-13 11:51:26 252928 ----a-w- c:\windows\system32\BugTrap.dll
2014-10-13 10:41:47 -------- d-----w- c:\users\deadly\appdata\roaming\TeamViewer
2014-10-12 04:23:34 -------- d-----w- c:\windows\system32\appmgmt
2014-10-12 03:04:23 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a14831f3-c395-4bae-b868-a9302da8e473}\offreg.dll
2014-10-11 23:35:54 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-11 23:35:50 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-11 23:35:42 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-10-11 23:35:38 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-11 23:25:16 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-11 22:49:48 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-10-11 22:46:05 2616320 ----a-w- c:\windows\explorer.exe
2014-10-11 03:08:35 8806800 ------w- c:\programdata\microsoft\windows defender\definition updates\{a14831f3-c395-4bae-b868-a9302da8e473}\mpengine.dll
2014-10-11 03:02:14 -------- d-----w- c:\windows\Migration
2014-10-11 02:52:22 -------- d-----w- c:\windows\system32\MRT
2014-10-11 02:49:07 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-10-11 02:49:06 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-10-11 02:49:06 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-10-11 02:49:05 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-10-11 02:49:04 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-10-11 02:49:04 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-10-11 02:49:04 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-10-11 02:44:48 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2014-10-11 02:44:48 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-11 01:02:55 434688 ----a-w- c:\windows\system32\scavengeui.dll
2014-10-11 00:57:22 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-10-11 00:57:22 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-10-11 00:57:22 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-10-11 00:57:22 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-10-11 00:57:22 1699328 ----a-w- c:\windows\system32\esent.dll
2014-10-11 00:57:22 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-10-11 00:57:22 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-10-11 00:55:43 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-10-11 00:55:42 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-11 00:53:56 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-10-11 00:53:56 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-10-11 00:53:55 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-11 00:53:54 538112 ----a-w- c:\windows\system32\objsel.dll
2014-10-11 00:53:54 51200 ----a-w- c:\windows\system32\cngprovider.dll
2014-10-11 00:53:54 49664 ----a-w- c:\windows\system32\adprovider.dll
2014-10-11 00:53:54 48128 ----a-w- c:\windows\system32\capiprovider.dll
2014-10-11 00:53:54 47616 ----a-w- c:\windows\system32\dpapiprovider.dll
2014-10-11 00:53:54 36864 ----a-w- c:\windows\system32\dimsroam.dll
2014-10-11 00:53:54 35328 ----a-w- c:\windows\system32\wincredprovider.dll
2014-10-11 00:53:54 293376 ----a-w- c:\windows\system32\KernelBase.dll
2014-10-11 00:52:30 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-10-11 00:52:30 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-10-11 00:49:15 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-10-11 00:48:00 903168 ----a-w- c:\windows\system32\certutil.exe
2014-10-11 00:47:59 43008 ----a-w- c:\windows\system32\certenc.dll
2014-10-11 00:47:32 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-10-11 00:47:30 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-10-10 11:00:20 5120 ----a-w- c:\windows\system32\wmi.dll
2014-10-10 11:00:20 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-10-10 10:55:27 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-10-10 01:38:23 -------- d-----w- c:\programdata\Baidu Security
2014-10-10 01:38:13 -------- d-----w- c:\programdata\baidu
2014-10-10 01:32:31 -------- d-----w- c:\users\deadly\appdata\roaming\baidu
2014-10-10 01:26:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-10-10 01:26:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-10-10 01:13:54 -------- d-----w- c:\users\deadly\appdata\roaming\Steganos VPN
2014-10-10 01:13:47 -------- d-----w- c:\program files\common files\Steganos
2014-10-10 01:09:04 -------- d-----w- c:\users\deadly\appdata\roaming\Steganos
2014-10-10 00:51:16 -------- d-----w- c:\program files\common files\temp
2014-10-10 00:51:05 -------- d-----w- c:\programdata\TheGreenBow
2014-10-09 22:02:58 -------- d-----w- c:\users\deadly\appdata\roaming\LolClient
2014-10-09 20:46:05 175104 ----a-w- c:\windows\system32\wintrust.dll
2014-10-09 20:44:25 69632 ----a-w- c:\windows\system32\smss.exe
2014-10-09 20:44:25 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-10-09 20:44:25 619520 ----a-w- c:\windows\system32\tdh.dll
2014-10-09 20:44:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-10-09 20:44:25 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-10-09 20:44:12 81920 ----a-w- c:\windows\system32\davclnt.dll
2014-10-09 20:44:12 205824 ----a-w- c:\windows\system32\WebClnt.dll
2014-10-09 20:44:12 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-10-09 20:43:43 163840 ----a-w- c:\windows\system32\scrrun.dll
2014-10-09 20:43:43 141824 ----a-w- c:\windows\system32\wscript.exe
2014-10-09 20:43:43 126976 ----a-w- c:\windows\system32\cscript.exe
2014-10-09 20:43:43 121856 ----a-w- c:\windows\system32\wshom.ocx
2014-10-09 20:43:41 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-10-09 20:42:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-09 20:42:10 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-10-09 20:42:10 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-10-09 20:42:10 22528 ----a-w- c:\windows\system32\lsass.exe
2014-10-09 20:42:10 22016 ----a-w- c:\windows\system32\secur32.dll
2014-10-09 20:42:10 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-10-09 20:42:10 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-09 20:42:10 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-10-09 20:41:59 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-10-09 20:41:59 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-10-09 20:41:59 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-10-09 20:41:59 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-10-09 20:41:50 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2014-10-09 20:41:50 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-10-09 20:41:50 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2014-10-09 20:41:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-09 20:41:27 233472 ----a-w- c:\windows\system32\oleacc.dll
2014-10-09 20:41:17 168960 ----a-w- c:\windows\system32\credui.dll
2014-10-09 20:41:17 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-10-09 20:39:56 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-10-09 20:38:42 314880 ----a-w- c:\windows\system32\webio.dll
2014-10-09 20:37:54 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-10-09 20:37:54 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-10-09 20:37:54 2363392 ----a-w- c:\windows\system32\msi.dll
2014-10-09 20:37:54 1805824 ----a-w- c:\windows\system32\authui.dll
2014-10-09 20:37:54 101824 ----a-w- c:\windows\system32\consent.exe
2014-10-09 20:37:42 769024 ----a-w- c:\windows\system32\localspl.dll
2014-10-09 20:37:30 690688 ----a-w- c:\windows\system32\msvcrt.dll
2014-10-09 20:36:41 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-09 20:36:40 626688 ----a-w- c:\windows\system32\usp10.dll
2014-10-09 20:36:33 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2014-10-09 20:36:21 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-09 20:36:21 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-10-09 20:36:15 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-10-09 20:36:15 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2014-10-09 20:36:09 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2014-10-09 20:35:52 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-10-09 20:35:52 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-10-09 20:35:24 850944 ----a-w- c:\windows\system32\sbe.dll
2014-10-09 20:35:24 642048 ----a-w- c:\windows\system32\CPFilters.dll
2014-10-09 20:35:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2014-10-09 20:35:03 534528 ----a-w- c:\windows\system32\EncDec.dll
2014-10-09 20:33:59 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2014-10-09 20:32:12 75776 ----a-w- c:\windows\system32\psisrndr.ax
2014-10-09 20:32:12 465408 ----a-w- c:\windows\system32\psisdecd.dll
2014-10-09 20:30:38 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-10-09 20:28:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-10-09 20:28:49 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-10-09 20:28:48 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-09 20:28:47 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-10-09 20:28:46 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-09 20:28:12 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-09 20:25:58 680960 ----a-w- c:\program files\windows defender\MpSvc.dll
2014-10-09 20:25:58 392704 ----a-w- c:\program files\windows defender\MpClient.dll
2014-10-09 20:25:58 224768 ----a-w- c:\program files\windows defender\MpCommu.dll
2014-10-09 20:25:57 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2014-10-09 20:25:57 1137664 ----a-w- c:\windows\system32\mfc42.dll
2014-10-09 20:24:26 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-10-09 20:24:26 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-10-09 20:24:26 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-10-09 20:24:26 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-10-09 20:24:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-10-09 18:34:59 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-10-09 18:34:59 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-10-09 18:18:37 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-10-09 18:18:28 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-10-09 18:18:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-10-09 18:18:20 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-10-09 16:32:28 -------- d-----w- c:\users\deadly\appdata\roaming\edxLabs
2014-10-09 04:08:39 -------- d-----w- c:\windows\en
2014-10-09 04:03:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-10-09 04:00:47 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-10-09 04:00:47 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-10-09 04:00:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-10-09 04:00:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-10-09 04:00:26 89944 -c--a-w- c:\program files\common files\windows live\.cache\8d3f64031cfe37504\DSETUP.dll
2014-10-09 04:00:26 537432 -c----w- c:\program files\common files\windows live\.cache\8d3f64031cfe37504\DXSETUP.exe
2014-10-09 04:00:26 1801048 -c--a-w- c:\program files\common files\windows live\.cache\8d3f64031cfe37504\dsetup32.dll
2014-10-09 03:59:59 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-10-09 03:58:41 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2014-10-09 03:58:28 94040 -c--a-w- c:\program files\common files\windows live\.cache\46b171ca1cfe37502\DSETUP.dll
2014-10-09 03:58:28 525656 -c--a-w- c:\program files\common files\windows live\.cache\46b171ca1cfe37502\DXSETUP.exe
2014-10-09 03:58:28 1691480 -c----w- c:\program files\common files\windows live\.cache\46b171ca1cfe37502\dsetup32.dll
2014-10-09 03:55:36 89944 -c--a-w- c:\program files\common files\windows live\.cache\e0ea07971cfe37401\DSETUP.dll
2014-10-09 03:55:36 537432 -c--a-w- c:\program files\common files\windows live\.cache\e0ea07971cfe37401\DXSETUP.exe
2014-10-09 03:55:36 1801048 -c----w- c:\program files\common files\windows live\.cache\e0ea07971cfe37401\dsetup32.dll
2014-10-09 03:54:08 -------- d-----w- c:\users\deadly\appdata\local\Windows Live
2014-10-09 03:53:56 -------- d-----w- c:\program files\common files\Windows Live
2014-10-09 03:02:03 -------- d-----w- c:\program files\Free MP3 Cutter
2014-10-09 02:24:16 -------- d-----w- c:\program files\VirtualDJ
2014-10-07 01:59:15 32768 ----a-w- c:\windows\w_uninst.exe
2014-10-07 01:59:15 -------- d-----w- c:\program files\Wonderful
2014-10-06 23:07:21 -------- d-----w- c:\users\deadly\appdata\roaming\COWON
2014-10-06 20:56:30 -------- d-----w- c:\users\deadly\appdata\roaming\Youtube Downloader HD
2014-10-06 20:56:14 -------- d-----w- c:\program files\Youtube Downloader HD
2014-10-06 18:55:32 -------- d-----w- c:\users\deadly\appdata\roaming\ParetoLogic
2014-10-06 18:55:32 -------- d-----w- c:\users\deadly\appdata\roaming\DriverCure
2014-10-06 18:55:23 -------- d-----w- c:\programdata\ParetoLogic
2014-10-06 18:37:45 -------- d-----w- c:\programdata\Search Protection
2014-10-06 14:29:59 -------- d-----w- c:\programdata\REGSERVO
2014-10-05 23:22:15 36625920 ----a-w- c:\windows\system32\libcef.dll
2014-10-05 22:24:36 -------- d-----w- c:\users\deadly\appdata\local\ATI
2014-10-05 22:24:07 0 ----a-w- c:\windows\ativpsrm.bin
2014-10-05 22:21:54 -------- d-----w- c:\program files\AMD APP
2014-10-05 22:21:46 -------- d-----w- c:\program files\common files\ATI Technologies
2014-10-05 22:19:52 85520 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2014-10-05 22:19:40 51200 ----a-w- c:\windows\system32\coinst.dll
2014-10-05 22:19:39 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2014-10-05 22:17:57 -------- d-----w- c:\program files\ATI Technologies
2014-10-05 22:17:56 -------- d-----w- c:\program files\ATI
2014-10-05 22:17:32 -------- d-----w- c:\users\deadly\appdata\local\ElevatedDiagnostics
2014-10-05 13:02:45 -------- d-----w- c:\users\deadly\appdata\local\Facebook
2014-10-05 01:47:22 -------- d-----w- c:\windows\pss
2014-10-03 15:08:34 -------- d-----w- c:\users\deadly\appdata\local\Macromedia
2014-10-03 15:06:40 -------- d-----w- c:\users\deadly\appdata\local\Mozilla
2014-10-02 08:41:42 -------- d-----w- c:\windows\Panther
2014-10-02 07:57:33 -------- d-----w- C:\Intel
2014-10-02 07:57:07 -------- d-----w- c:\windows\system32\RTCOM
2014-10-02 07:57:07 -------- d-----w- c:\program files\Realtek
2014-10-02 01:42:40 -------- d-----w- c:\program files\TeamViewer
2014-10-02 01:40:36 -------- d-----w- c:\program files\MKJogo
2014-10-02 01:40:15 -------- d-----w- c:\program files\Cheat Engine 6.4
2014-10-02 01:38:49 -------- d-----w- c:\users\deadly\appdata\local\Programs
2014-10-02 01:31:52 -------- d-----w- c:\windows\Ela-Salaty
2014-10-02 01:31:52 -------- d-----w- c:\program files\Ela-Salaty
2014-10-02 00:42:34 -------- d-----w- c:\program files\Microsoft
2014-10-02 00:40:51 -------- d-----w- c:\users\deadly\appdata\roaming\Opera Software
2014-10-02 00:40:51 -------- d-----w- c:\users\deadly\appdata\local\Opera Software
2014-10-01 23:36:49 -------- d-----w- c:\programdata\Riot Games
2014-10-01 23:36:40 -------- d-----w- c:\users\deadly\Microsoft
2014-10-01 23:30:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-01 23:30:13 43152 ----a-w- c:\windows\avastSS.scr
2014-10-01 23:24:11 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 23:23:22 -------- d-----w- c:\users\deadly\appdata\roaming\AVAST Software
2014-10-01 23:22:58 -------- d-----w- c:\users\deadly\appdata\local\Skype
2014-10-01 23:22:45 -------- d-----r- c:\program files\Skype
2014-10-01 23:21:52 -------- d-----w- c:\program files\Microsoft ActiveSync
2014-10-01 23:21:49 -------- d-----w- c:\windows\PCHEALTH
2014-10-01 23:20:29 -------- d-----w- c:\program files\JetAudio
2014-10-01 23:20:29 -------- d-----w- c:\program files\common files\COWON
2014-10-01 23:18:33 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-01 23:18:33 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-01 23:18:33 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-01 23:18:32 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-01 23:18:32 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-01 23:18:31 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-01 23:18:09 -------- d-----w- c:\program files\AVAST Software
2014-10-01 23:18:00 -------- d-----w- c:\users\deadly\appdata\local\Google
2014-10-01 23:17:20 -------- d-----w- c:\programdata\AVAST Software
2014-10-01 23:16:49 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-01 23:16:49 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-01 23:16:28 -------- d-----w- c:\users\deadly\appdata\local\Adobe
2014-10-01 23:15:51 -------- d-----w- c:\program files\Yahoo!
2014-10-01 23:13:38 -------- d-----w- c:\program files\The KMPlayer
2014-10-01 23:13:19 175616 ----a-w- c:\windows\system32\unrar.dll
2014-10-01 23:12:26 -------- d-----w- c:\users\deadly\appdata\roaming\DMCache
2014-10-01 23:12:26 -------- d-----w- c:\programdata\IDM
2014-10-01 23:12:21 -------- d-----w- c:\program files\Internet Download Manager
2014-10-01 23:11:50 -------- d-----w- c:\program files\FreeTime
2014-10-01 23:11:32 -------- d-----w- c:\program files\CCleaner
2014-10-01 23:11:08 -------- d-----w- c:\users\deadly\appdata\local\ashampoo
2014-10-01 23:11:08 -------- d-----w- c:\programdata\ashampoo
2014-10-01 23:10:44 -------- d-----w- c:\program files\Ashampoo
2014-10-01 23:08:21 -------- d-sh--w- c:\windows\Installer
.
==================== Find3M  ====================
.
2014-10-29 12:43:01 167769 ----a-w- c:\windows\system32\DllHostSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-29 12:42:59 167769 ----a-w- c:\windows\system32\DllHostSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-29 09:17:07 167769 ----a-w- c:\windows\system32\winlogonSrvmgrmgrmgrSrvmgrSrvSrv.exe
2014-10-29 09:16:59 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvmgrmgr.exe
2014-10-28 10:33:24 167769 ----a-w- c:\windows\system32\DllHostSrvmgrmgrmgrSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-28 08:29:30 167769 ----a-w- c:\windows\system32\winlogonSrvmgrSrvmgrSrvmgrSrv.exe
2014-10-27 11:33:14 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-27 10:58:32 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvmgrSrvSrvmgr.exe
2014-10-27 10:58:32 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvmgrSrvSrvmgr.exe
2014-10-27 10:03:47 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvmgr.exe
2014-10-27 10:01:31 108544 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvmgr.exe
2014-10-27 10:01:27 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvmgrSrvmgr.exe
2014-10-27 10:01:27 108544 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvmgrSrvmgr.exe
2014-10-27 09:31:37 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvmgrSrvmgrSrv.exe
2014-10-27 09:27:53 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvSrvSrvSrvSrv.exe
2014-10-27 09:23:52 167769 ----a-w- c:\windows\system32\winlogonSrvSrvSrvSrvSrvmgrSrvmgrSrvSrv.exe
2014-10-27 09:09:38 167769 ----a-w- c:\windows\system32\wininitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvmgrSrvSrvmgrSrv.exe
2014-10-26 10:50:08 167769 ----a-w- c:\windows\system32\atbrokerSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-26 10:48:59 167769 ----a-w- c:\windows\system32\userinitSrvSrvSrvSrvSrvSrvSrvSrvSrvSrv.exe
2014-10-11 23:31:55 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-10-11 23:25:16 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-09-25 01:40:50 519680 ----a-w- c:\windows\system32\qdvd.dll
.
============= FINISH: 22:34:18.95 ===============
Attached File  Attach.zip   9.64KB   2 downloads

Edit: Moved topic from Windows 7 to the more appropriate forum. Duplicate of this topic deleted.~ Animal

BC AdBot (Login to Remove)

 


m

#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:38 PM

Posted 04 November 2014 - 02:18 PM

Hi Belal and Welcome to BleepingComputer !

I am currently looking though your logs and will advice you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:38 PM

Posted 04 November 2014 - 03:44 PM

Hello Belal

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

 

Can you tell me if you installed Teamviewer?

 

 

Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Press Scan button.

    newfrst_zpsa63ffa3d.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:38 PM

Posted 06 November 2014 - 05:08 PM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:38 AM

Posted 07 November 2014 - 02:42 PM

Due to the lack of feedback/inactivity, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users