Am I still compromised? - Removed Trojan


  • This topic is locked
3 replies to this topic

#1 Cas34

  • Members
  • 28 posts

Posted 30 October 2014 - 03:43 AM

Hi,

I recently cleaned my wife's PC and found a trojan, which I removed. I believe that I managed to remove all the malware but wanted to be certain that the PC is clean before I clone her hard drive. Therefore, I would really appreciate it if you could take a look at the logs for me please.

Thanks

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17116
Run by Gillian at 8:23:49 on 2014-10-30
Microsoft Windows 8  6.2.9200.0.1252.44.1033.18.5989.3414 [GMT 0:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
C:\windows\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\USB Camera2\VM332STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\windows\System32\Taskmgr.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\32\SbieSvc.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxps://uk.yahoo.com?fr=hp-avast&type=avastbcl
mWinlogon: Userinit = userinit.exe
BHO: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Gillian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACTIVS~1.LNK - C:\windows\Installer\{2FAA5A07-F0F7-47C6-96B9-1DB4184AA7F8}\NewShortcut1_08A9BB67B3284FEA9EC29BCD3F863A4A.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B}\7494C4C4A5F4F5E4564777F627B6 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B}\844534027596E646F67737020586F6E6560283350226970284453423932333 : DHCPNameServer = 192.168.137.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B}\84F6E65697A2A2A245271607A2A2A223031343 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B}\E4544574541425 : DHCPNameServer = 10.0.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-9-12 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-9-12 267632]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-6-22 652344]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-6-22 39008]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2013-9-12 1049920]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-9-12 436624]
R2 ActivControl;ActivControl;C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [2013-4-25 21328]
R2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-6-6 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-9-12 82768]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2013-12-17 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-30 50344]
R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-6-22 2252600]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2013-1-9 92160]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-22 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-22 165760]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2013-6-28 409720]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-12 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-12 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-12 171928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-22 364416]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2012-6-13 100992]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2013-6-22 164152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2013-6-22 156472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-6-22 40248]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2013-1-9 329552]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-27 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-5 110744]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-10-14 185352]
R3 vm332avs;Lenovo Camera2;C:\windows\System32\Drivers\vm332avs.sys [2013-6-22 981112]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-10-23 57024]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2013-8-8 30184]
S3 pwdrvio;pwdrvio;C:\windows\System32\pwdrvio.sys [2013-11-17 19152]
S3 pwdspio;pwdspio;C:\windows\System32\pwdspio.sys [2013-11-17 12504]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-6-22 102376]
.
=============== Created Last 30 ================
.
2014-10-30 07:43:55 -------- d-----w- C:\Program Files\Sandboxie
2014-10-30 07:35:58 43152 ----a-w- C:\windows\avastSS.scr
2014-10-29 12:42:17 -------- d-----w- C:\windows\System32\AutoUpdateLicense
2014-10-29 10:41:07 695808 ----a-w- C:\windows\System32\WSShared.dll
2014-10-29 10:41:07 581016 ----a-w- C:\windows\System32\AutoUpdate.exe
2014-10-29 10:41:07 568832 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-10-29 10:41:06 462760 ----a-w- C:\windows\System32\NotificationUI.exe
2014-10-29 10:41:06 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2014-10-29 10:41:06 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-29 10:41:06 125952 ----a-w- C:\windows\System32\WinSetupUI.dll
2014-10-29 10:41:06 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 09:04:34 -------- dc----w- C:\Users\Gillian\AppData\Local\MigWiz
2014-10-23 11:38:14 37624 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-10-23 11:38:12 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-23 10:36:11 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-23 09:17:22 -------- d-----w- C:\EEK
2014-10-19 19:22:43 -------- d--h--w- C:\Lenovo
2014-10-19 12:24:37 -------- d-----w- C:\windows\pss
2014-10-19 11:38:45 -------- d-----w- C:\Users\Gillian\AppData\Local\Adobe
2014-10-19 11:02:13 -------- d-----w- C:\Program Files (x86)\Belarc
2014-10-16 18:13:48 79360 ----a-w- C:\windows\System32\packager.dll
2014-10-16 18:13:48 68096 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-16 18:12:49 585728 ----a-w- C:\windows\System32\rastls.dll
2014-10-16 18:12:45 510464 ----a-w- C:\windows\SysWow64\rastls.dll
2014-10-16 18:11:55 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 18:11:54 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 18:11:17 3262976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-10-16 18:11:15 1824784 ----a-w- C:\windows\System32\ntdll.dll
2014-10-16 18:11:07 1023488 ----a-w- C:\windows\System32\localspl.dll
2014-10-16 18:11:02 2620928 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2014-10-16 18:11:01 419328 ----a-w- C:\windows\System32\schannel.dll
2014-10-16 18:11:00 1408952 ----a-w- C:\windows\SysWow64\ntdll.dll
2014-10-16 18:08:21 5982208 ----a-w- C:\windows\System32\mstscax.dll
2014-10-16 18:08:16 5095424 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-10-16 18:08:09 3248128 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-16 18:08:06 724992 ----a-w- C:\windows\System32\termsrv.dll
2014-10-16 18:08:05 1125376 ----a-w- C:\windows\System32\mstsc.exe
2014-10-16 18:08:02 1049600 ----a-w- C:\windows\SysWow64\mstsc.exe
2014-10-16 18:08:01 300544 ----a-w- C:\windows\System32\winsta.dll
2014-10-16 18:08:01 233472 ----a-w- C:\windows\SysWow64\winsta.dll
2014-10-16 18:08:00 269312 ----a-w- C:\windows\SysWow64\aaclient.dll
2014-10-16 18:04:59 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2014-10-16 18:04:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-10-16 18:04:57 702976 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-10-16 18:04:55 258048 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-10-16 18:04:52 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-10-16 18:04:50 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-10-16 18:04:48 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-10-16 18:04:47 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-10-16 18:04:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-10-16 17:35:29 4068352 ----a-w- C:\windows\System32\win32k.sys
2014-10-16 17:35:13 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-10-16 17:34:31 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2014-10-16 17:34:31 2416128 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-16 17:34:28 2885120 ----a-w- C:\windows\System32\msi.dll
2014-10-16 17:34:28 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2014-10-16 17:34:28 10115072 ----a-w- C:\windows\System32\twinui.dll
2014-10-16 17:34:22 2306560 ----a-w- C:\windows\System32\authui.dll
2014-10-16 17:34:22 2037760 ----a-w- C:\windows\SysWow64\authui.dll
.
==================== Find3M  ====================
.
2014-10-30 07:36:00 82768 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-10-30 07:36:00 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-10-30 07:36:00 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-10-30 07:36:00 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-10-30 07:36:00 116728 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-10-30 07:35:59 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-10-30 07:35:28 1049920 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-10-19 16:30:55 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-09-20 05:17:42 2236928 ----a-w- C:\windows\System32\wininet.dll
2014-09-20 05:17:32 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-09-20 05:17:32 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-09-20 05:16:07 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-20 03:57:50 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\windows\System32\storewuauth.dll
2014-08-09 08:30:18 148480 ----a-w- C:\windows\System32\poqexec.exe
2014-08-09 08:29:32 144896 ----a-w- C:\windows\System32\tssdisai.dll
.
============= FINISH:  8:25:02.73 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 08/09/2013 12:51:26
System Uptime: 30/10/2014 07:37:04 (1 hours ago)
.
Motherboard: LENOVO |  | Lenovo G580
Processor: Intel® Celeron® CPU B830 @ 1.80GHz | CPU Socket - U3E1 | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 162.595 GiB free.
D: is FIXED (NTFS) - 86 GiB total, 83.959 GiB free.
E: is FIXED (NTFS) - 630 GiB total, 429.68 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP59: 10/10/2014 21:10:59 - Scheduled Checkpoint
RP60: 16/10/2014 18:34:11 - Windows Update
RP61: 19/10/2014 14:02:09 - Revo Uninstaller's restore point - Adobe Reader XI (11.0.09)
RP62: 29/10/2014 12:40:34 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.22beta
ActivDriver x64 v5.9
ActivInspire Core Resources (ENU) v1
ActivInspire Help (GBR) v1
ActivInspire HWR Resources (ENU) v1
ActivInspire v1
Adobe AIR
Adobe Flash Player 15 Plugin
Alcor Micro USB Card Reader
Anki
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Avast Free Antivirus
Belarc Advisor 8.4
Broadcom 802.11 Network Adapter
Classic Shell
Dev-C++
Dolby Advanced Audio v2
Energy Management
ERUNT 1.1j
Google Chrome
Google Update Helper
HP Deskjet 2050 J510 series Basic Device Software
Intel AppUp(SM) center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Lenovo Bluetooth with Enhanced Data Rate Software
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo pointing device
Lenovo Solution Center
Lenovo YouCam
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 8.1.1
Power2Go
PrimoPDF -- brought to you by Nitro PDF Software
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Sandboxie 4.14 (64-bit)
Shared C Run-time for x64
Skype™ 6.18
Spybot - Search & Destroy
STDU Viewer version 1.6.251.0
SugarSync Manager
UserGuide
VLC media player
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
.
==== Event Viewer Messages From Past Week ========
.
30/10/2014 08:16:31, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
30/10/2014 07:49:46, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
30/10/2014 07:37:07, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
23/10/2014 21:29:57, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================
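
A responder reading a DDS log like the one above goes to a handful of line types first: the AV:/SP: status lines, the Run (autostart) entries, BHO and SSODL entries marked <orphaned>, and the TCP NameServer lines. The script below is an added example written for this page; it is not part of the thread and not part of the DDS tool. It parses those line formats from a constructed sample in the same shape as the posted log and lists what deserves a second look. The [Updater] Run entry and the 8.8.8.8 nameserver in the sample are made up to exercise the checks; neither appears in the real log above.

```python
"""Triage a DDS-style log for the lines a malware responder reads first (added
example for this page; not part of the thread above or of the DDS tool)."""
import ipaddress
import re

# Constructed sample in the shape of the posted log. The [Updater] Run entry and
# the 8.8.8.8 nameserver are made up to exercise the checks; neither is in the real log.
SAMPLE_LOG = r"""
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
============== Pseudo HJT Report ===============
BHO: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - <orphaned>
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Updater] C:\Users\Gillian\AppData\Roaming\Updater\svchost.exe /silent
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{8EDCB003-5DC5-4944-94A4-A058FF93692B}\E4544574541425 : DHCPNameServer = 10.0.0.1
TCP: NameServer = 8.8.8.8
SSODL: WebCheck - <orphaned>
"""

PROTECTION_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\*")
RUN_RE = re.compile(r"^(?:x64-)?[um]?Run: \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))\b', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Writing under these roots needs admin rights; dropped payloads usually land in a user-writable directory.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "c:\\users\\", "c:\\programdata\\")
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def check_protection(lines: list[str]) -> list[str]:
    """AV/SP products reported disabled or with stale definitions. Caveat: Windows 8 Defender
    turns itself off when another AV registers, so Defender 'Disabled' beside an enabled AV is normal."""
    findings = []
    for line in lines:
        m = PROTECTION_RE.match(line)
        if m and (m.group(3) == "Disabled" or m.group(4) == "Outdated"):
            findings.append(f"{m.group(1)} {m.group(2)}: {m.group(3)}/{m.group(4)}")
    return findings


def find_orphans(lines: list[str]) -> list[str]:
    """Entries whose registry key survives but whose file is gone: the usual leftover after a removal."""
    return [line.split(" - <orphaned>")[0] for line in lines if line.rstrip().endswith("<orphaned>")]


def executable_path(value: str) -> str:
    """Extract the executable from a Run value, quoted or not, without its arguments."""
    m = EXE_RE.match(value.strip())
    return m.group(1) if m else value.strip()


def check_run_entries(lines: list[str]) -> list[str]:
    """Run entries whose executable lives outside Program Files/Windows, plus anything
    carrying a Windows system-binary name while not under the Windows directory."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, path = m.group(1), executable_path(m.group(2))
        low = path.lower()
        if low.startswith(TRUSTED_ROOTS):
            continue
        reasons = ["user-writable location" if any(k in low for k in USER_WRITABLE)
                   else "outside Program Files/Windows"]
        if low.rsplit("\\", 1)[-1] in SYSTEM_BINARY_NAMES:
            reasons.append("system binary name outside Windows")
        findings.append(f"[{name}] {path}: " + "; ".join(reasons))
    return findings


def check_nameservers(lines: list[str]) -> list[str]:
    """DNS servers outside private/loopback ranges. A home PC normally points at its router;
    a public resolver is not malicious by itself, but the owner should recognise it."""
    findings = set()
    for line in lines:
        m = NAMESERVER_RE.search(line)
        if not m:
            continue
        for token in m.group(1).split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.add(f"unparseable nameserver {token!r}")
                continue
            if not (addr.is_private or addr.is_loopback):
                findings.add(f"non-private nameserver {token}")
    return sorted(findings)


def triage(text: str) -> dict[str, list[str]]:
    lines = text.splitlines()
    return {"protection": check_protection(lines), "orphaned": find_orphans(lines),
            "run_entries": check_run_entries(lines), "nameservers": check_nameservers(lines)}
```

Run `triage(open("dds.txt").read())` over a saved DDS log to get the findings grouped by check. The output is a reading aid, not a verdict: an orphaned BHO is what a successful removal leaves behind, and a disabled Defender beside an enabled third-party AV is expected, which is why a responder still asks for fresh FRST logs before calling a machine clean.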

#2 Jo*

  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 01 November 2014 - 07:04 AM

Hello Cas34,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy and save the instructions.
  • Back up all your private data and important files on another (external) drive before using our tools.
  • Do not install or uninstall any applications unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms; they can be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 04 November 2014 - 04:25 AM


Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.



#4 Jo*

  • Malware Response Team
  • 3,425 posts
  • Gender:Male
  • Location:Germany

Posted 06 November 2014 - 01:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

