TechSpot

Infected with Win64/Patched.A (service.exe)

Inactive
By Sinko666
Nov 20, 2012
Hi,
My name is Simon and I'm a student from Slovenia. ;)

I'm infected with Win64/Patched.A (service.exe) and I need your help ASAP.

After reading a few threads I found out that I have to scan my computer with Farbar Recovery Scan Tool. I'm using Win 7 64-bit.

Here is my FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by Simon at 20-11-2012 12:44:44
    Running from G:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.
    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


    ==================== One Month Created Files and Folders ========

    2012-11-20 12:29 - 2012-11-20 12:29 - 00000326 ____A C:\Users\Simon\Downloads\fixlist.txt
    2012-11-19 08:34 - 2012-11-20 21:41 - 00000000 ____D C:\Program Files (x86)\Verimatrix
    2012-11-19 08:33 - 2012-11-19 08:34 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller (1).msi
    2012-11-19 07:40 - 2012-11-19 07:40 - 00003210 ____A C:\Users\Simon\Desktop\RKreport[1]_S_11192012_02d0740.txt
    2012-11-19 07:39 - 2012-11-19 07:40 - 00000000 ____D C:\Users\Simon\Desktop\RK_Quarantine
    2012-11-19 07:39 - 2012-11-19 07:39 - 00729088 ____A C:\Users\Simon\Downloads\RogueKiller.exe
    2012-11-18 21:58 - 2012-11-18 21:58 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-11-18 21:47 - 2012-11-18 21:47 - 00000000 ____D C:\Windows\System32\appmgmt
    2012-11-18 21:24 - 2012-11-18 21:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-18 21:24 - 2012-11-18 21:24 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-18 20:47 - 2012-11-18 20:47 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-18 20:09 - 2012-11-18 20:41 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 Eng [DVDRip] Dual Audio - DiAMOND
    2012-11-18 20:09 - 2012-11-18 20:09 - 00030903 ____A C:\Users\Simon\Downloads\[isoHunt] 4935305.torrent
    2012-11-18 20:06 - 2012-11-18 20:07 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775 (1).exe
    2012-11-18 20:05 - 2012-11-18 20:05 - 00000000 ____D C:\Program Files (x86)\Xvid
    2012-11-18 20:05 - 2011-05-30 14:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
    2012-11-18 20:05 - 2011-05-30 14:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
    2012-11-18 20:05 - 2011-05-23 10:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
    2012-11-18 20:05 - 2011-05-23 08:49 - 00173568 ____A C:\Windows\System32\xvid.ax
    2012-11-18 20:05 - 2011-05-23 08:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
    2012-11-18 20:05 - 2011-05-23 08:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
    2012-11-18 20:03 - 2012-11-18 20:04 - 10768856 ____A (Xvid Team) C:\Users\Simon\Downloads\Xvid-1.3.2-20110601.exe
    2012-11-18 20:00 - 2012-11-18 20:01 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775.exe
    2012-11-18 19:41 - 2012-11-18 20:09 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R
    2012-11-18 19:40 - 2012-11-18 19:40 - 00014370 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R.torrent
    2012-11-18 17:46 - 2012-11-18 19:40 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect [2012] R5 XViD - RAWNiTRO
    2012-11-18 17:45 - 2012-11-18 17:45 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 English HD-quality
    2012-11-18 17:44 - 2012-11-18 17:44 - 00008591 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect [2012] R5 XViD - RAWNiTRO.torrent
    2012-11-18 17:41 - 2012-11-18 17:42 - 00056893 ____A C:\Users\Simon\Downloads\[isoHunt] download.torrent
    2012-11-14 03:05 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-14 03:05 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-14 03:05 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-14 03:05 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-14 03:01 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-14 03:01 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-14 03:01 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-14 03:01 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-14 03:01 - 2012-10-08 12:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-14 03:01 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-14 03:01 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-14 03:01 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-14 03:01 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-14 03:01 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-14 03:01 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-14 03:01 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-14 03:01 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-14 03:01 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-14 03:01 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-14 03:01 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-14 03:01 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-14 03:01 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-14 03:01 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-14 03:01 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-14 03:01 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-14 03:01 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-14 03:01 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-14 03:01 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-14 03:01 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-14 03:01 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-14 03:01 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-14 03:01 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-14 03:01 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-14 03:01 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-14 03:01 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-14 03:01 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-14 03:00 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-14 03:00 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-14 03:00 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 03:00 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-14 03:00 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 03:00 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-14 03:00 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-14 03:00 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-14 01:04 - 2012-11-14 03:15 - 00000000 ____D C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
    2012-11-14 01:03 - 2012-11-14 01:03 - 00151230 ____A C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
    2012-11-13 23:05 - 2012-10-18 19:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-13 23:05 - 2012-10-09 19:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-13 23:05 - 2012-10-09 19:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-13 23:05 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-13 23:05 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-13 23:05 - 2012-10-03 18:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-13 23:05 - 2012-10-03 18:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-13 23:05 - 2012-10-03 18:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-13 23:05 - 2012-10-03 18:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-13 23:05 - 2012-10-03 18:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-13 23:05 - 2012-10-03 18:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-13 23:05 - 2012-10-03 18:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-13 23:05 - 2012-10-03 17:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-13 23:05 - 2012-10-03 17:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-13 23:05 - 2012-10-03 17:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-13 23:05 - 2012-10-03 17:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-13 23:05 - 2012-01-13 08:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-13 23:04 - 2012-09-25 23:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-13 23:04 - 2012-09-25 23:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-11 20:58 - 2012-11-11 20:58 - 00004376 ____A C:\WirelessDiagLog.csv
    2012-11-10 17:08 - 2012-11-10 17:08 - 00027520 ____A C:\Users\Simon\AppData\Local\dt.dat
    2012-11-10 16:36 - 2012-11-10 16:56 - 00000000 ____D C:\Program Files\Dell Support Center
    2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dell
    2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\All Users\PCDr
    2012-11-10 16:32 - 2012-11-10 16:32 - 00038984 ____A (Dell Computer Corporation) C:\Users\Simon\Downloads\DellPCDiagnostics.exe
    2012-11-10 16:32 - 2012-11-10 16:32 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PCDr
    2012-11-10 16:25 - 2012-11-10 16:26 - 06059000 ____A C:\Users\Simon\Downloads\R295126.exe
    2012-11-10 16:24 - 2012-11-10 16:25 - 08276776 ____A C:\Users\Simon\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe
    2012-11-10 16:16 - 2012-11-10 16:18 - 17371337 ____A C:\Users\Simon\Downloads\R317457.zip
    2012-11-10 16:12 - 2012-11-10 16:13 - 04300104 ____A C:\Users\Simon\Downloads\CW1394A0.exe
    2012-11-10 15:59 - 2012-11-20 21:41 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
    2012-11-10 15:57 - 2012-11-10 15:58 - 11064264 ____A (Akamai Technologies, Inc.) C:\Users\Simon\Downloads\Dell_Download_Manager_Setup.exe
    2012-11-10 15:49 - 2012-11-10 15:49 - 00127480 ____A C:\Users\Simon\Downloads\DELL_S2230MX-MONITOR_A00-00_R303587.exe
    2012-11-10 15:48 - 2012-11-10 15:49 - 10797616 ____A C:\Users\Simon\Downloads\R296901.exe
    2012-11-10 15:47 - 2012-11-10 15:47 - 00010579 ____A C:\Users\Simon\Downloads\dellsystemdetect.application
    2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Verimatrix
    2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\All Users\Verimatrix
    2012-11-10 15:39 - 2012-11-10 15:40 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller.msi
    2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Windows\System32\Macromed
    2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Users\All Users\ALM
    2012-11-04 20:13 - 2012-11-04 20:13 - 00000000 ____D C:\Users\Simon\Adobe Flash Builder 4.6
    2012-11-04 20:08 - 2012-11-04 20:08 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-11-04 18:53 - 2012-11-04 19:06 - 00000000 ____D C:\Users\Simon\Desktop\Adobe CS6 Master Collection
    2012-11-04 17:35 - 2012-11-04 17:35 - 00016981 ____A C:\Users\Simon\Downloads\[isoHunt] Adobe CS6 Master Collection (1).torrent
    2012-11-04 17:26 - 2012-11-04 17:26 - 00000616 ____A C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE.torrent
    2012-11-04 17:26 - 2012-11-04 17:26 - 00000000 ____D C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE
    2012-11-04 17:25 - 2012-11-04 17:25 - 00001706 ____A C:\Users\Simon\Downloads\Adobe_CS6_All_Products_Activator__x32___x64___2012_-MPT (1).torrent
    2012-11-04 13:55 - 2012-11-09 00:37 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
    2012-11-04 13:54 - 2012-11-04 13:54 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-11-04 13:54 - 2012-11-04 13:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2012-11-04 13:52 - 2012-11-04 13:52 - 04939440 ____A (TeamViewer GmbH) C:\Users\Simon\Downloads\TeamViewer_Setup.exe
    2012-11-04 13:50 - 2012-11-18 21:45 - 00000000 ____D C:\Program Files (x86)\VaudiX
    2012-11-04 13:49 - 2012-11-20 12:43 - 00000370 ___AH C:\Windows\Tasks\VaudiXUpdaterTask{6F5B29B3-E8F2-4AE4-83C7-C188B6020673}.job
    2012-11-04 13:49 - 2012-11-04 13:50 - 00000000 ____D C:\Users\All Users\Premium
    2012-11-04 13:48 - 2012-11-18 21:45 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-11-04 13:48 - 2012-11-04 13:48 - 00300936 ____A (Premium) C:\Users\Simon\Downloads\VaudiX.exe
    2012-11-04 13:48 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\Vaudix
    2012-11-04 10:03 - 2012-11-04 10:03 - 00015872 ____A C:\Users\Simon\Downloads\seminarji.xls
    2012-11-03 22:55 - 2012-11-03 22:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Mozilla
    2012-10-30 09:41 - 2012-10-30 09:41 - 00482816 ____H C:\Users\Simon\Downloads\~WRL2901.tmp
    2012-10-28 17:33 - 2012-10-28 17:33 - 00056823 ____A C:\Users\Simon\Downloads\Ice.Age.4.Continental.Drift.2012.SLOSubs.DVDRip.XviD-DrSi.torrent
    2012-10-26 22:13 - 2012-10-27 00:37 - 00000000 ____D C:\CS6
    2012-10-26 21:58 - 2012-10-26 22:09 - 00000000 ____D C:\Users\Simon\Downloads\Project.X.2012.EXTENDED.SLOSubs.DVDRip.XviD-DrSi
    2012-10-24 21:41 - 2012-10-24 21:41 - 00055176 ____A C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman (1).torrent
    2012-10-24 21:35 - 2012-10-24 21:35 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-10-24 21:35 - 2012-10-24 21:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-10-24 21:32 - 2012-10-24 21:34 - 39483256 ____A (Apple Inc.) C:\Users\Simon\Downloads\QuickTimeInstaller.exe
    2012-10-23 18:06 - 2012-10-23 18:07 - 16061064 ____A C:\Users\Simon\Downloads\getOrder_promo_mix.mp4
    2012-10-22 11:33 - 2012-10-22 11:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-10-21 21:20 - 2012-11-20 12:44 - 00000000 ___RD C:\Users\Simon\Dropbox
    2012-10-21 21:20 - 2012-10-21 21:20 - 00001043 ____A C:\Users\Simon\Desktop\Dropbox.lnk
    2012-10-21 21:18 - 2012-11-20 12:44 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dropbox
    2012-10-21 21:18 - 2012-10-21 21:18 - 05694794 ____A C:\Users\Simon\Downloads\template-discsurface.zip
    2012-10-21 21:16 - 2012-10-21 21:17 - 17813784 ____A (Dropbox, Inc.) C:\Users\Simon\Downloads\Dropbox 1.4.17.exe


    ==================== One Month Modified Files and Folders =======

    2012-11-20 21:41 - 2012-11-19 08:34 - 00000000 ____D C:\Program Files (x86)\Verimatrix
    2012-11-20 21:41 - 2012-11-10 15:59 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
    2012-11-20 21:41 - 2012-07-15 14:09 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-11-20 21:41 - 2012-07-10 14:13 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-11-20 21:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
    2012-11-20 21:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
    2012-11-20 12:44 - 2012-11-20 12:44 - 00000000 ____D C:\FRST
    2012-11-20 12:44 - 2012-10-21 21:20 - 00000000 ___RD C:\Users\Simon\Dropbox
    2012-11-20 12:44 - 2012-10-21 21:18 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dropbox
    2012-11-20 12:43 - 2012-11-04 13:49 - 00000370 ___AH C:\Windows\Tasks\VaudiXUpdaterTask{6F5B29B3-E8F2-4AE4-83C7-C188B6020673}.job
    2012-11-20 12:43 - 2012-08-04 22:00 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-20 12:43 - 2012-07-10 13:18 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-11-20 12:43 - 2012-07-10 12:52 - 00000000 ____D C:\users\Simon
    2012-11-20 12:43 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-20 12:43 - 2009-07-14 05:51 - 00038635 ____A C:\Windows\setupact.log
    2012-11-20 12:29 - 2012-11-20 12:29 - 00000326 ____A C:\Users\Simon\Downloads\fixlist.txt
    2012-11-20 02:00 - 2012-08-22 12:16 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
    2012-11-19 08:34 - 2012-11-19 08:33 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller (1).msi
    2012-11-19 08:10 - 2012-08-04 22:00 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-19 07:49 - 2009-07-14 05:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-19 07:49 - 2009-07-14 05:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-19 07:48 - 2009-07-14 06:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-19 07:42 - 2012-07-10 14:13 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-11-19 07:42 - 2010-11-21 04:47 - 00010042 ____A C:\Windows\PFRO.log
    2012-11-19 07:41 - 2012-07-21 12:40 - 00000000 ____D C:\Users\Simon\AppData\Roaming\uTorrent
    2012-11-19 07:40 - 2012-11-19 07:40 - 00003210 ____A C:\Users\Simon\Desktop\RKreport[1]_S_11192012_02d0740.txt
    2012-11-19 07:40 - 2012-11-19 07:39 - 00000000 ____D C:\Users\Simon\Desktop\RK_Quarantine
    2012-11-19 07:39 - 2012-11-19 07:39 - 00729088 ____A C:\Users\Simon\Downloads\RogueKiller.exe
    2012-11-19 07:37 - 2012-07-10 13:54 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188228576-3451463030-3658580190-1000UA.job
    2012-11-19 07:00 - 2012-07-10 14:04 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-18 21:58 - 2012-11-18 21:58 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-11-18 21:47 - 2012-11-18 21:47 - 00000000 ____D C:\Windows\System32\appmgmt
    2012-11-18 21:45 - 2012-11-04 13:50 - 00000000 ____D C:\Program Files (x86)\VaudiX
    2012-11-18 21:45 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\InstallMate
    2012-11-18 21:27 - 2012-07-15 14:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
    2012-11-18 21:24 - 2012-11-18 21:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-18 21:24 - 2012-11-18 21:24 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-18 20:47 - 2012-11-18 20:47 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-18 20:47 - 2012-07-10 12:52 - 01728130 ____A C:\Windows\WindowsUpdate.log
    2012-11-18 20:41 - 2012-11-18 20:09 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 Eng [DVDRip] Dual Audio - DiAMOND
    2012-11-18 20:09 - 2012-11-18 20:09 - 00030903 ____A C:\Users\Simon\Downloads\[isoHunt] 4935305.torrent
    2012-11-18 20:09 - 2012-11-18 19:41 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R
    2012-11-18 20:07 - 2012-11-18 20:06 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775 (1).exe
    2012-11-18 20:05 - 2012-11-18 20:05 - 00000000 ____D C:\Program Files (x86)\Xvid
    2012-11-18 20:04 - 2012-11-18 20:03 - 10768856 ____A (Xvid Team) C:\Users\Simon\Downloads\Xvid-1.3.2-20110601.exe
    2012-11-18 20:01 - 2012-11-18 20:00 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775.exe
    2012-11-18 19:40 - 2012-11-18 19:40 - 00014370 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R.torrent
    2012-11-18 19:40 - 2012-11-18 17:46 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect [2012] R5 XViD - RAWNiTRO
    2012-11-18 17:45 - 2012-11-18 17:45 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 English HD-quality
    2012-11-18 17:44 - 2012-11-18 17:44 - 00008591 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect [2012] R5 XViD - RAWNiTRO.torrent
    2012-11-18 17:42 - 2012-11-18 17:41 - 00056893 ____A C:\Users\Simon\Downloads\[isoHunt] download.torrent
    2012-11-18 16:59 - 2012-07-24 14:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Skype
    2012-11-18 15:55 - 2012-07-10 13:54 - 00001014 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188228576-3451463030-3658580190-1000Core.job
    2012-11-16 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-11-15 01:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2012-11-14 03:29 - 2012-07-10 13:51 - 00087984 ____A C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-14 03:24 - 2009-07-14 05:45 - 04990416 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-14 03:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-14 03:15 - 2012-11-14 01:04 - 00000000 ____D C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
    2012-11-14 01:03 - 2012-11-14 01:03 - 00151230 ____A C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
    2012-11-11 20:58 - 2012-11-11 20:58 - 00004376 ____A C:\WirelessDiagLog.csv
    2012-11-10 17:16 - 2012-07-10 13:54 - 00000000 ____D C:\Users\Simon\AppData\Local\Deployment
    2012-11-10 17:08 - 2012-11-10 17:08 - 00027520 ____A C:\Users\Simon\AppData\Local\dt.dat
    2012-11-10 16:56 - 2012-11-10 16:36 - 00000000 ____D C:\Program Files\Dell Support Center
    2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dell
    2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\All Users\PCDr
    2012-11-10 16:36 - 2012-07-10 14:09 - 00000000 ____D C:\Users\All Users\Dell
    2012-11-10 16:32 - 2012-11-10 16:32 - 00038984 ____A (Dell Computer Corporation) C:\Users\Simon\Downloads\DellPCDiagnostics.exe
    2012-11-10 16:32 - 2012-11-10 16:32 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PCDr
    2012-11-10 16:26 - 2012-11-10 16:25 - 06059000 ____A C:\Users\Simon\Downloads\R295126.exe
    2012-11-10 16:25 - 2012-11-10 16:24 - 08276776 ____A C:\Users\Simon\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe
    2012-11-10 16:18 - 2012-11-10 16:16 - 17371337 ____A C:\Users\Simon\Downloads\R317457.zip
    2012-11-10 16:13 - 2012-11-10 16:12 - 04300104 ____A C:\Users\Simon\Downloads\CW1394A0.exe
    2012-11-10 15:58 - 2012-11-10 15:57 - 11064264 ____A (Akamai Technologies, Inc.) C:\Users\Simon\Downloads\Dell_Download_Manager_Setup.exe
    2012-11-10 15:51 - 2012-07-10 13:17 - 00000000 ____D C:\Program Files (x86)\Intel
    2012-11-10 15:49 - 2012-11-10 15:49 - 00127480 ____A C:\Users\Simon\Downloads\DELL_S2230MX-MONITOR_A00-00_R303587.exe
    2012-11-10 15:49 - 2012-11-10 15:48 - 10797616 ____A C:\Users\Simon\Downloads\R296901.exe
    2012-11-10 15:47 - 2012-11-10 15:47 - 00010579 ____A C:\Users\Simon\Downloads\dellsystemdetect.application
    2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Verimatrix
    2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\All Users\Verimatrix
    2012-11-10 15:40 - 2012-11-10 15:39 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller.msi
    2012-11-09 00:37 - 2012-11-04 13:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
    2012-11-09 00:36 - 2012-07-22 21:53 - 00001998 ___AH C:\Users\Simon\Documents\Default.rdp
    2012-11-08 23:56 - 2012-07-10 14:14 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-08 23:56 - 2012-07-10 14:14 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-11-08 23:55 - 2012-08-27 08:43 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-05 00:11 - 2012-09-02 10:30 - 00000021 ____A C:\Windows\SurCode.INI
    2012-11-05 00:11 - 2012-09-02 10:30 - 00000000 ____D C:\Users\Simon\Documents\Adobe
    2012-11-04 20:29 - 2012-08-22 13:54 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-04 20:27 - 2012-09-30 20:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Windows\System32\Macromed
    2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Users\All Users\ALM
    2012-11-04 20:19 - 2012-07-10 13:57 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Adobe
    2012-11-04 20:17 - 2012-08-22 14:01 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-11-04 20:13 - 2012-11-04 20:13 - 00000000 ____D C:\Users\Simon\Adobe Flash Builder 4.6
    2012-11-04 20:08 - 2012-11-04 20:08 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2012-11-04 19:56 - 2012-08-22 14:00 - 00000000 ____D C:\Program Files\Adobe
    2012-11-04 19:06 - 2012-11-04 18:53 - 00000000 ____D C:\Users\Simon\Desktop\Adobe CS6 Master Collection
    2012-11-04 17:58 - 2012-08-20 12:37 - 00000000 ____D C:\Users\Simon\Downloads\Adobe CS6 Master Collection
    2012-11-04 17:40 - 2012-09-30 22:22 - 00000000 ____D C:\Users\Simon\Downloads\Adobe.Master.Collection.CS6.LS16+Patch [WORKING]
    2012-11-04 17:40 - 2012-09-26 12:49 - 00000000 ____D C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman
    2012-11-04 17:40 - 2012-07-23 18:35 - 00000000 ____D C:\Users\Simon\Downloads\Adobe Premiere Pro CS6 (64 Bit) - Cool Release
    2012-11-04 17:35 - 2012-11-04 17:35 - 00016981 ____A C:\Users\Simon\Downloads\[isoHunt] Adobe CS6 Master Collection (1).torrent
    2012-11-04 17:26 - 2012-11-04 17:26 - 00000616 ____A C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE.torrent
    2012-11-04 17:26 - 2012-11-04 17:26 - 00000000 ____D C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE
    2012-11-04 17:25 - 2012-11-04 17:25 - 00001706 ____A C:\Users\Simon\Downloads\Adobe_CS6_All_Products_Activator__x32___x64___2012_-MPT (1).torrent
    2012-11-04 13:54 - 2012-11-04 13:54 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-11-04 13:54 - 2012-11-04 13:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2012-11-04 13:52 - 2012-11-04 13:52 - 04939440 ____A (TeamViewer GmbH) C:\Users\Simon\Downloads\TeamViewer_Setup.exe
    2012-11-04 13:50 - 2012-11-04 13:49 - 00000000 ____D C:\Users\All Users\Premium
    2012-11-04 13:48 - 2012-11-04 13:48 - 00300936 ____A (Premium) C:\Users\Simon\Downloads\VaudiX.exe
    2012-11-04 13:48 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\Vaudix
    2012-11-04 11:40 - 2012-07-15 10:46 - 00000000 ____D C:\Users\Simon\AppData\Local\Apple Computer
    2012-11-04 10:03 - 2012-11-04 10:03 - 00015872 ____A C:\Users\Simon\Downloads\seminarji.xls
    2012-11-03 22:55 - 2012-11-03 22:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Mozilla
    2012-10-30 09:41 - 2012-10-30 09:41 - 00482816 ____H C:\Users\Simon\Downloads\~WRL2901.tmp
    2012-10-28 17:33 - 2012-10-28 17:33 - 00056823 ____A C:\Users\Simon\Downloads\Ice.Age.4.Continental.Drift.2012.SLOSubs.DVDRip.XviD-DrSi.torrent
    2012-10-27 00:37 - 2012-10-26 22:13 - 00000000 ____D C:\CS6
    2012-10-26 22:09 - 2012-10-26 21:58 - 00000000 ____D C:\Users\Simon\Downloads\Project.X.2012.EXTENDED.SLOSubs.DVDRip.XviD-DrSi
    2012-10-24 21:41 - 2012-10-24 21:41 - 00055176 ____A C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman (1).torrent
    2012-10-24 21:35 - 2012-10-24 21:35 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-10-24 21:35 - 2012-10-24 21:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-10-24 21:34 - 2012-10-24 21:32 - 39483256 ____A (Apple Inc.) C:\Users\Simon\Downloads\QuickTimeInstaller.exe
    2012-10-23 18:07 - 2012-10-23 18:06 - 16061064 ____A C:\Users\Simon\Downloads\getOrder_promo_mix.mp4
    2012-10-22 11:33 - 2012-10-22 11:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
    2012-10-21 21:20 - 2012-10-21 21:20 - 00001043 ____A C:\Users\Simon\Desktop\Dropbox.lnk
    2012-10-21 21:18 - 2012-10-21 21:18 - 05694794 ____A C:\Users\Simon\Downloads\template-discsurface.zip
    2012-10-21 21:17 - 2012-10-21 21:16 - 17813784 ____A (Dropbox, Inc.) C:\Users\Simon\Downloads\Dropbox 1.4.17.exe

    ZeroAccess:
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\00000004.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\201d3dde
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\55490ac4
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000004.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000008.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\000000cb.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000000.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000032.@
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 24%
    Total physical RAM: 8086.17 MB
    Available physical RAM: 6103.46 MB
    Total Pagefile: 16170.53 MB
    Available Pagefile: 14007.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:390.62 GB) (Free:100.36 GB) NTFS
    2 Drive d: () (Fixed) (Total:288.38 GB) (Free:38.71 GB) NTFS
    3 Drive e: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    5 Drive g: () (Removable) (Total:7.44 GB) (Free:3.45 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 7638 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 101 MB 31 KB
    Partition 2 Primary 19 GB 104 MB
    Partition 3 Primary 288 GB 19 GB
    Partition 4 Primary 390 GB 308 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 RECOVERY NTFS Partition 19 GB Healthy System (partition with boot components)

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D NTFS Partition 288 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 C NTFS Partition 390 GB Healthy Boot

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7634 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 G FAT32 Removable 7634 MB Healthy

    =========================================================

    Last Boot: 2012-11-15 01:23

    ==================== End Of Log =============================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Sinko666

    Sinko666 TS Rookie Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.20.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Simon :: SIMON-LAPTOP [administrator]

    Protection: Enabled

    20.11.2012 17:35:53
    mbam-log-2012-11-20 (17-35-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226177
    Time elapsed: 4 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 7
    C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.403\Adobe CS6 All Products Activator (x32 & x64)\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
    C:\Users\Simon\Downloads\VaudiX.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\QPONUTMJ\agent_setup[1].exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\QPONUTMJ\uninstaller[1].exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\X85TT6F8\5096643e47b9f[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Simon at 17:54:58 on 2012-11-20
    Microsoft Windows 7 Professional 6.1.7601.1.1250.386.1033.18.8086.5274 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    c:\xampp\apache\bin\httpd.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\xampp\mysql\bin\mysqld.exe
    C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Simon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Google Update] "C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [AdobeBridge] <no file>
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    LSP: mswsock.dll
    Trusted Zone: dell.com
    TCP: NameServer = 10.0.0.1
    TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2} : DHCPNameServer = 10.0.0.1
    TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\3596E6B6F6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\67C61646F6 : DHCPNameServer = 84.255.209.79 84.255.210.79 10.6.112.4
    TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\8696F557E6966756273756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\D657765627C696 : DHCPNameServer = 212.103.128.66 212.103.128.67
    TCP: Interfaces\{9B5090E1-E1AD-424B-826D-96D4E9FB292D} : DHCPNameServer = 10.0.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    AppInit_DLLs= c:\windows\syswow64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-7-10 28992]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-22 56208]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-7-10 21616]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-27 30568]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-15 283200]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-7-10 249152]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-10 98208]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
    R2 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-10 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-4-11 204304]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-3 381248]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-4 2848168]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-10 2656280]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-7-10 27760]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-10 317440]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-20 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-7-10 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-10 565352]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-7-10 174168]
    S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\System32\drivers\MAudioFastTrackPro.sys [2010-12-7 187912]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-6-23 178784]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-14 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-20 16:34:45  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Malwarebytes
    2012-11-20 16:34:38  --------  d-----w-  C:\ProgramData\Malwarebytes
    2012-11-20 16:34:37  25928     ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2012-11-20 16:34:37  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-20 11:44:38  --------  d-----w-  C:\FRST
    2012-11-19 07:34:27  --------  d-----w-  C:\Program Files (x86)\Verimatrix
    2012-11-18 20:58:57  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
    2012-11-18 20:47:09  --------  d-----w-  C:\Windows\System32\appmgmt
    2012-11-18 20:24:31  73656     ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-18 20:24:31  697272    ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-18 19:47:34  220160    ----a-w-  C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-11-18 19:47:26  --------  d-----w-  C:\Program Files (x86)\Mega Codec Pack
    2012-11-18 19:05:30  696832    ----a-w-  C:\Windows\System32\xvidcore.dll
    2012-11-18 19:05:30  645632    ----a-w-  C:\Windows\SysWow64\xvidcore.dll
    2012-11-18 19:05:30  255488    ----a-w-  C:\Windows\System32\xvidvfw.dll
    2012-11-18 19:05:30  240640    ----a-w-  C:\Windows\SysWow64\xvidvfw.dll
    2012-11-18 19:05:30  173568    ----a-w-  C:\Windows\System32\xvid.ax
    2012-11-18 19:05:30  153088    ----a-w-  C:\Windows\SysWow64\xvid.ax
    2012-11-18 19:05:27  --------  d-----w-  C:\Program Files (x86)\Xvid
    2012-11-14 02:05:25  9728      ----a-w-  C:\Windows\System32\Wdfres.dll
    2012-11-14 02:05:25  785512    ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 02:05:25  54376     ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 02:05:25  2560      ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 02:00:39  87040     ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 02:00:39  198656    ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 02:00:37  84992     ----a-w-  C:\Windows\System32\WUDFSvc.dll
    2012-11-14 02:00:37  45056     ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 02:00:37  194048    ----a-w-  C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 02:00:36  744448    ----a-w-  C:\Windows\System32\WUDFx.dll
    2012-11-14 02:00:36  229888    ----a-w-  C:\Windows\System32\WUDFHost.exe
    2012-11-13 22:04:58  95744     ----a-w-  C:\Windows\System32\synceng.dll
    2012-11-13 22:04:58  78336     ----a-w-  C:\Windows\SysWow64\synceng.dll
    2012-11-10 15:36:39  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Dell
    2012-11-10 15:36:32  --------  d-----w-  C:\ProgramData\PC-Doctor for Windows
    2012-11-10 15:36:31  --------  d-----w-  C:\ProgramData\PCDr
    2012-11-10 15:36:09  --------  d-----w-  C:\Program Files\Dell Support Center
    2012-11-10 15:32:31  --------  d-----w-  C:\Users\Simon\AppData\Roaming\PCDr
    2012-11-10 15:32:23  --------  d-----w-  C:\temp
    2012-11-10 14:59:36  --------  d-----w-  C:\Users\Simon\AppData\Local\Akamai
    2012-11-10 14:46:58  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Verimatrix
    2012-11-10 14:46:49  --------  d-----w-  C:\ProgramData\Verimatrix
    2012-11-04 19:19:37  --------  d-----w-  C:\ProgramData\ALM
    2012-11-04 19:13:27  --------  d-----w-  C:\Users\Simon\Adobe Flash Builder 4.6
    2012-11-04 12:55:14  --------  d-----w-  C:\Users\Simon\AppData\Roaming\TeamViewer
    2012-11-04 12:54:13  --------  d-----w-  C:\Program Files (x86)\TeamViewer
    2012-11-04 12:50:06  --------  d-----w-  C:\Program Files (x86)\VaudiX
    2012-11-04 12:49:57  --------  d-----w-  C:\ProgramData\Premium
    2012-11-04 12:48:33  --------  d-----w-  C:\ProgramData\Vaudix
    2012-11-04 12:48:18  --------  d-----w-  C:\ProgramData\InstallMate
    2012-10-26 21:13:21  --------  d-----w-  C:\CS6
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-10-24 20:35:59  159744    ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-10-22 10:33:37  230400    ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2012-10-21 20:20:12  --------  d-----r-  C:\Users\Simon\Dropbox
    2012-10-21 20:18:36  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Dropbox
    .
    ==================== Find3M ====================
    .
    2012-11-08 22:55:59 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-20 14:02:06 1832760 ----a-w- C:\Windows\System32\LogiLDA.DLL
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 13:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 17:55:28,31 ===============
     

    Attached Files:
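    A small triage helper for the kind of "Find3M" / recent-change listing posted above, as an added example (it is not part of this thread and not code from DDS, FRST, MBAR or any other tool named here). It assumes the column layout seen in the log: date, time, size (or dashes for a directory), an 8-character attribute field, then the path, with the fields possibly fused together as forum extraction left them. The idea it demonstrates is the one a helper applies by eye when a file infector such as Win64/Patched.A is suspected: Windows Update rewrites many System32/SysWow64 binaries on the same servicing day, whereas a patched service binary tends to appear on a day of its own, so isolated system-binary modifications are the ones to verify first with sfc /verifyonly or a catalog hash check. The services.exe line in the sample input is constructed for the example; the other sample lines are copied from the log above.

```python
"""Triage helper for DDS-style "Find3M" / recent-change log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One entry is: date, time, size (digits, or 8 dashes for a directory), an
# 8-character attribute field (e.g. "----a-w-", "d-----w-"), then the path.
# Whitespace between fields is optional: forum extraction often fuses them,
# as in "20:35:59159744----a-w-C:\...".
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s*(\d+|-{8})\s*([-a-z]{8})\s*(.+?)\s*$"
)

SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl")


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: Optional[int]      # None for directories
    is_dir: bool
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for headers, separators and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return Entry(
        when=datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        size=None if size.startswith("-") else int(size),
        is_dir=attrs[0] == "d",
        path=path,
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def is_system_binary(e: Entry) -> bool:
    p = e.path.lower()
    return not e.is_dir and p.startswith(SYSTEM_DIRS) and p.endswith(BINARY_EXT)


def isolated_system_binaries(entries: List[Entry], min_batch: int = 2) -> List[Entry]:
    """Shortlist system binaries whose modification day is shared by fewer
    than `min_batch` system binaries in the log.  Windows Update writes many
    files per servicing day, whereas a file patcher typically rewrites one
    binary on its own.  The shortlist is input to hash/catalog verification,
    not a verdict by itself (a lone hotfix will land here too)."""
    sys_entries = [e for e in entries if is_system_binary(e)]
    per_day = Counter(e.when.date() for e in sys_entries)
    return [e for e in sys_entries if per_day[e.when.date()] < min_batch]


# Sample input: all lines except the last are copied from the log in this
# thread; the services.exe line is CONSTRUCTED for this example.
SAMPLE_LOG = r"""
==================== Find3M ====================
.
2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
2012-11-10 15:32:23--------d-----w-C:\temp
2012-10-21 20:18:36--------d-----w-C:\Users\Simon\AppData\Roaming\Dropbox
2012-11-13 03:12:41328704----a-w-C:\Windows\System32\services.exe
"""


def triage(text: str = SAMPLE_LOG) -> List[str]:
    """Return the paths shortlisted for verification, oldest first."""
    flagged = isolated_system_binaries(parse_log(text))
    return [e.path for e in sorted(flagged, key=lambda e: e.when)]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.when:%Y-%m-%d %H:%M:%S}  {'DIR' if e.is_dir else e.size:>8}  {e.path}")
    print("Verify:", triage())
```

    Run against the full log above, the shortlist will also contain legitimate single-file updates (win32k.sys, the AVG and Logitech drivers), which is expected: the heuristic narrows the list to check, and the signature/catalog check on each file decides.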

  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please observe forum rules.
    All logs have to be pasted, not attached.
    Paste Attach.txt into your next reply.

    Then...

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
Topic Status:
Not open for further replies.