Inactive Infected with Win64/Patched.A (service.exe)

Hi,
My name is Simon and I'm a student from Slovenia. ;)

I'm infected with Win64/Patched.A (service.exe) and I need your help ASAP.

After reading a few threads I found out that I have to scan my computer with Farbar Recovery Scan Tool. I'm using Win 7 64-bit.

Here is my FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by Simon at 20-11-2012 12:44:44
Running from G:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-11-20 12:29 - 2012-11-20 12:29 - 00000326 ____A C:\Users\Simon\Downloads\fixlist.txt
2012-11-19 08:34 - 2012-11-20 21:41 - 00000000 ____D C:\Program Files (x86)\Verimatrix
2012-11-19 08:33 - 2012-11-19 08:34 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller (1).msi
2012-11-19 07:40 - 2012-11-19 07:40 - 00003210 ____A C:\Users\Simon\Desktop\RKreport[1]_S_11192012_02d0740.txt
2012-11-19 07:39 - 2012-11-19 07:40 - 00000000 ____D C:\Users\Simon\Desktop\RK_Quarantine
2012-11-19 07:39 - 2012-11-19 07:39 - 00729088 ____A C:\Users\Simon\Downloads\RogueKiller.exe
2012-11-18 21:58 - 2012-11-18 21:58 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-18 21:47 - 2012-11-18 21:47 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-18 21:24 - 2012-11-18 21:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-18 21:24 - 2012-11-18 21:24 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-18 20:47 - 2012-11-18 20:47 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-18 20:09 - 2012-11-18 20:41 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 Eng [DVDRip] Dual Audio - DiAMOND
2012-11-18 20:09 - 2012-11-18 20:09 - 00030903 ____A C:\Users\Simon\Downloads\[isoHunt] 4935305.torrent
2012-11-18 20:06 - 2012-11-18 20:07 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775 (1).exe
2012-11-18 20:05 - 2012-11-18 20:05 - 00000000 ____D C:\Program Files (x86)\Xvid
2012-11-18 20:05 - 2011-05-30 14:42 - 00255488 ____A C:\Windows\System32\xvidvfw.dll
2012-11-18 20:05 - 2011-05-30 14:42 - 00240640 ____A C:\Windows\SysWOW64\xvidvfw.dll
2012-11-18 20:05 - 2011-05-23 10:52 - 00153088 ____A C:\Windows\SysWOW64\xvid.ax
2012-11-18 20:05 - 2011-05-23 08:49 - 00173568 ____A C:\Windows\System32\xvid.ax
2012-11-18 20:05 - 2011-05-23 08:46 - 00645632 ____A C:\Windows\SysWOW64\xvidcore.dll
2012-11-18 20:05 - 2011-05-23 08:45 - 00696832 ____A C:\Windows\System32\xvidcore.dll
2012-11-18 20:03 - 2012-11-18 20:04 - 10768856 ____A (Xvid Team) C:\Users\Simon\Downloads\Xvid-1.3.2-20110601.exe
2012-11-18 20:00 - 2012-11-18 20:01 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775.exe
2012-11-18 19:41 - 2012-11-18 20:09 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R
2012-11-18 19:40 - 2012-11-18 19:40 - 00014370 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R.torrent
2012-11-18 17:46 - 2012-11-18 19:40 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect [2012] R5 XViD - RAWNiTRO
2012-11-18 17:45 - 2012-11-18 17:45 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 English HD-quality
2012-11-18 17:44 - 2012-11-18 17:44 - 00008591 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect [2012] R5 XViD - RAWNiTRO.torrent
2012-11-18 17:41 - 2012-11-18 17:42 - 00056893 ____A C:\Users\Simon\Downloads\[isoHunt] download.torrent
2012-11-14 03:05 - 2012-07-26 05:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 03:05 - 2012-07-26 05:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 03:05 - 2012-07-26 03:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 03:05 - 2012-06-02 15:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 03:01 - 2012-10-08 13:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 03:01 - 2012-10-08 12:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 03:01 - 2012-10-08 12:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 03:01 - 2012-10-08 12:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 03:01 - 2012-10-08 12:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 03:01 - 2012-10-08 12:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 03:01 - 2012-10-08 12:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 03:01 - 2012-10-08 12:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 03:01 - 2012-10-08 12:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 03:01 - 2012-10-08 12:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 03:01 - 2012-10-08 12:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 03:01 - 2012-10-08 12:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 03:01 - 2012-10-08 12:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 03:01 - 2012-10-08 12:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 03:01 - 2012-10-08 12:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 03:01 - 2012-10-08 12:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 03:01 - 2012-10-08 09:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 03:01 - 2012-10-08 09:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 03:01 - 2012-10-08 08:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 03:01 - 2012-10-08 08:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 03:01 - 2012-10-08 08:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 03:01 - 2012-10-08 08:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 03:01 - 2012-10-08 08:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 03:01 - 2012-10-08 08:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 03:01 - 2012-10-08 08:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 03:01 - 2012-10-08 08:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 03:01 - 2012-10-08 08:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 03:01 - 2012-10-08 08:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 03:01 - 2012-10-08 08:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 03:01 - 2012-10-08 08:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 03:01 - 2012-10-08 08:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 03:01 - 2012-10-08 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 03:00 - 2012-07-26 04:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 03:00 - 2012-07-26 04:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 03:00 - 2012-07-26 04:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 03:00 - 2012-07-26 04:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 03:00 - 2012-07-26 04:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 03:00 - 2012-07-26 03:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 03:00 - 2012-07-26 03:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 03:00 - 2012-06-02 15:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 01:04 - 2012-11-14 03:15 - 00000000 ____D C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
2012-11-14 01:03 - 2012-11-14 01:03 - 00151230 ____A C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
2012-11-13 23:05 - 2012-10-18 19:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-13 23:05 - 2012-10-09 19:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-13 23:05 - 2012-10-09 19:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-13 23:05 - 2012-10-09 18:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-13 23:05 - 2012-10-09 18:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-13 23:05 - 2012-10-03 18:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-13 23:05 - 2012-10-03 18:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-13 23:05 - 2012-10-03 18:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-13 23:05 - 2012-10-03 18:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-13 23:05 - 2012-10-03 18:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-13 23:05 - 2012-10-03 18:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-13 23:05 - 2012-10-03 18:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-13 23:05 - 2012-10-03 17:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-13 23:05 - 2012-10-03 17:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-13 23:05 - 2012-10-03 17:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-13 23:05 - 2012-10-03 17:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-13 23:05 - 2012-01-13 08:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-13 23:04 - 2012-09-25 23:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-13 23:04 - 2012-09-25 23:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-11 20:58 - 2012-11-11 20:58 - 00004376 ____A C:\WirelessDiagLog.csv
2012-11-10 17:08 - 2012-11-10 17:08 - 00027520 ____A C:\Users\Simon\AppData\Local\dt.dat
2012-11-10 16:36 - 2012-11-10 16:56 - 00000000 ____D C:\Program Files\Dell Support Center
2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dell
2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\All Users\PCDr
2012-11-10 16:32 - 2012-11-10 16:32 - 00038984 ____A (Dell Computer Corporation) C:\Users\Simon\Downloads\DellPCDiagnostics.exe
2012-11-10 16:32 - 2012-11-10 16:32 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PCDr
2012-11-10 16:25 - 2012-11-10 16:26 - 06059000 ____A C:\Users\Simon\Downloads\R295126.exe
2012-11-10 16:24 - 2012-11-10 16:25 - 08276776 ____A C:\Users\Simon\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe
2012-11-10 16:16 - 2012-11-10 16:18 - 17371337 ____A C:\Users\Simon\Downloads\R317457.zip
2012-11-10 16:12 - 2012-11-10 16:13 - 04300104 ____A C:\Users\Simon\Downloads\CW1394A0.exe
2012-11-10 15:59 - 2012-11-20 21:41 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
2012-11-10 15:57 - 2012-11-10 15:58 - 11064264 ____A (Akamai Technologies, Inc.) C:\Users\Simon\Downloads\Dell_Download_Manager_Setup.exe
2012-11-10 15:49 - 2012-11-10 15:49 - 00127480 ____A C:\Users\Simon\Downloads\DELL_S2230MX-MONITOR_A00-00_R303587.exe
2012-11-10 15:48 - 2012-11-10 15:49 - 10797616 ____A C:\Users\Simon\Downloads\R296901.exe
2012-11-10 15:47 - 2012-11-10 15:47 - 00010579 ____A C:\Users\Simon\Downloads\dellsystemdetect.application
2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Verimatrix
2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\All Users\Verimatrix
2012-11-10 15:39 - 2012-11-10 15:40 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller.msi
2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Users\All Users\ALM
2012-11-04 20:13 - 2012-11-04 20:13 - 00000000 ____D C:\Users\Simon\Adobe Flash Builder 4.6
2012-11-04 20:08 - 2012-11-04 20:08 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-11-04 18:53 - 2012-11-04 19:06 - 00000000 ____D C:\Users\Simon\Desktop\Adobe CS6 Master Collection
2012-11-04 17:35 - 2012-11-04 17:35 - 00016981 ____A C:\Users\Simon\Downloads\[isoHunt] Adobe CS6 Master Collection (1).torrent
2012-11-04 17:26 - 2012-11-04 17:26 - 00000616 ____A C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE.torrent
2012-11-04 17:26 - 2012-11-04 17:26 - 00000000 ____D C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE
2012-11-04 17:25 - 2012-11-04 17:25 - 00001706 ____A C:\Users\Simon\Downloads\Adobe_CS6_All_Products_Activator__x32___x64___2012_-MPT (1).torrent
2012-11-04 13:55 - 2012-11-09 00:37 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
2012-11-04 13:54 - 2012-11-04 13:54 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-11-04 13:54 - 2012-11-04 13:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-11-04 13:52 - 2012-11-04 13:52 - 04939440 ____A (TeamViewer GmbH) C:\Users\Simon\Downloads\TeamViewer_Setup.exe
2012-11-04 13:50 - 2012-11-18 21:45 - 00000000 ____D C:\Program Files (x86)\VaudiX
2012-11-04 13:49 - 2012-11-20 12:43 - 00000370 ___AH C:\Windows\Tasks\VaudiXUpdaterTask{6F5B29B3-E8F2-4AE4-83C7-C188B6020673}.job
2012-11-04 13:49 - 2012-11-04 13:50 - 00000000 ____D C:\Users\All Users\Premium
2012-11-04 13:48 - 2012-11-18 21:45 - 00000000 ____D C:\Users\All Users\InstallMate
2012-11-04 13:48 - 2012-11-04 13:48 - 00300936 ____A (Premium) C:\Users\Simon\Downloads\VaudiX.exe
2012-11-04 13:48 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\Vaudix
2012-11-04 10:03 - 2012-11-04 10:03 - 00015872 ____A C:\Users\Simon\Downloads\seminarji.xls
2012-11-03 22:55 - 2012-11-03 22:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Mozilla
2012-10-30 09:41 - 2012-10-30 09:41 - 00482816 ____H C:\Users\Simon\Downloads\~WRL2901.tmp
2012-10-28 17:33 - 2012-10-28 17:33 - 00056823 ____A C:\Users\Simon\Downloads\Ice.Age.4.Continental.Drift.2012.SLOSubs.DVDRip.XviD-DrSi.torrent
2012-10-26 22:13 - 2012-10-27 00:37 - 00000000 ____D C:\CS6
2012-10-26 21:58 - 2012-10-26 22:09 - 00000000 ____D C:\Users\Simon\Downloads\Project.X.2012.EXTENDED.SLOSubs.DVDRip.XviD-DrSi
2012-10-24 21:41 - 2012-10-24 21:41 - 00055176 ____A C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman (1).torrent
2012-10-24 21:35 - 2012-10-24 21:35 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-10-24 21:35 - 2012-10-24 21:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-10-24 21:32 - 2012-10-24 21:34 - 39483256 ____A (Apple Inc.) C:\Users\Simon\Downloads\QuickTimeInstaller.exe
2012-10-23 18:06 - 2012-10-23 18:07 - 16061064 ____A C:\Users\Simon\Downloads\getOrder_promo_mix.mp4
2012-10-22 11:33 - 2012-10-22 11:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-10-21 21:20 - 2012-11-20 12:44 - 00000000 ___RD C:\Users\Simon\Dropbox
2012-10-21 21:20 - 2012-10-21 21:20 - 00001043 ____A C:\Users\Simon\Desktop\Dropbox.lnk
2012-10-21 21:18 - 2012-11-20 12:44 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dropbox
2012-10-21 21:18 - 2012-10-21 21:18 - 05694794 ____A C:\Users\Simon\Downloads\template-discsurface.zip
2012-10-21 21:16 - 2012-10-21 21:17 - 17813784 ____A (Dropbox, Inc.) C:\Users\Simon\Downloads\Dropbox 1.4.17.exe


==================== One Month Modified Files and Folders =======

2012-11-20 21:41 - 2012-11-19 08:34 - 00000000 ____D C:\Program Files (x86)\Verimatrix
2012-11-20 21:41 - 2012-11-10 15:59 - 00000000 ____D C:\Users\Simon\AppData\Local\Akamai
2012-11-20 21:41 - 2012-07-15 14:09 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-11-20 21:41 - 2012-07-10 14:13 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-20 21:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2012-11-20 21:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2012-11-20 12:44 - 2012-11-20 12:44 - 00000000 ____D C:\FRST
2012-11-20 12:44 - 2012-10-21 21:20 - 00000000 ___RD C:\Users\Simon\Dropbox
2012-11-20 12:44 - 2012-10-21 21:18 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dropbox
2012-11-20 12:43 - 2012-11-04 13:49 - 00000370 ___AH C:\Windows\Tasks\VaudiXUpdaterTask{6F5B29B3-E8F2-4AE4-83C7-C188B6020673}.job
2012-11-20 12:43 - 2012-08-04 22:00 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-20 12:43 - 2012-07-10 13:18 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-20 12:43 - 2012-07-10 12:52 - 00000000 ____D C:\users\Simon
2012-11-20 12:43 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-20 12:43 - 2009-07-14 05:51 - 00038635 ____A C:\Windows\setupact.log
2012-11-20 12:29 - 2012-11-20 12:29 - 00000326 ____A C:\Users\Simon\Downloads\fixlist.txt
2012-11-20 02:00 - 2012-08-22 12:16 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2012-11-19 08:34 - 2012-11-19 08:33 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller (1).msi
2012-11-19 08:10 - 2012-08-04 22:00 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-19 07:49 - 2009-07-14 05:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-19 07:49 - 2009-07-14 05:45 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-19 07:48 - 2009-07-14 06:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-19 07:42 - 2012-07-10 14:13 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-19 07:42 - 2010-11-21 04:47 - 00010042 ____A C:\Windows\PFRO.log
2012-11-19 07:41 - 2012-07-21 12:40 - 00000000 ____D C:\Users\Simon\AppData\Roaming\uTorrent
2012-11-19 07:40 - 2012-11-19 07:40 - 00003210 ____A C:\Users\Simon\Desktop\RKreport[1]_S_11192012_02d0740.txt
2012-11-19 07:40 - 2012-11-19 07:39 - 00000000 ____D C:\Users\Simon\Desktop\RK_Quarantine
2012-11-19 07:39 - 2012-11-19 07:39 - 00729088 ____A C:\Users\Simon\Downloads\RogueKiller.exe
2012-11-19 07:37 - 2012-07-10 13:54 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188228576-3451463030-3658580190-1000UA.job
2012-11-19 07:00 - 2012-07-10 14:04 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-18 21:58 - 2012-11-18 21:58 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-18 21:47 - 2012-11-18 21:47 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-18 21:45 - 2012-11-04 13:50 - 00000000 ____D C:\Program Files (x86)\VaudiX
2012-11-18 21:45 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\InstallMate
2012-11-18 21:27 - 2012-07-15 14:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2012-11-18 21:24 - 2012-11-18 21:24 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-18 21:24 - 2012-11-18 21:24 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-18 20:47 - 2012-11-18 20:47 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-18 20:47 - 2012-07-10 12:52 - 01728130 ____A C:\Windows\WindowsUpdate.log
2012-11-18 20:41 - 2012-11-18 20:09 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 Eng [DVDRip] Dual Audio - DiAMOND
2012-11-18 20:09 - 2012-11-18 20:09 - 00030903 ____A C:\Users\Simon\Downloads\[isoHunt] 4935305.torrent
2012-11-18 20:09 - 2012-11-18 19:41 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R
2012-11-18 20:07 - 2012-11-18 20:06 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775 (1).exe
2012-11-18 20:05 - 2012-11-18 20:05 - 00000000 ____D C:\Program Files (x86)\Xvid
2012-11-18 20:04 - 2012-11-18 20:03 - 10768856 ____A (Xvid Team) C:\Users\Simon\Downloads\Xvid-1.3.2-20110601.exe
2012-11-18 20:01 - 2012-11-18 20:00 - 09060224 ____A (Gygan Inc ) C:\Users\Simon\Downloads\gyganinstall_0775.exe
2012-11-18 19:40 - 2012-11-18 19:40 - 00014370 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect 2012 DVDRip XviD-HELLRAZ0R.torrent
2012-11-18 19:40 - 2012-11-18 17:46 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect [2012] R5 XViD - RAWNiTRO
2012-11-18 17:45 - 2012-11-18 17:45 - 00000000 ____D C:\Users\Simon\Downloads\Pitch Perfect 2012 English HD-quality
2012-11-18 17:44 - 2012-11-18 17:44 - 00008591 ____A C:\Users\Simon\Downloads\[isoHunt] Pitch Perfect [2012] R5 XViD - RAWNiTRO.torrent
2012-11-18 17:42 - 2012-11-18 17:41 - 00056893 ____A C:\Users\Simon\Downloads\[isoHunt] download.torrent
2012-11-18 16:59 - 2012-07-24 14:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Skype
2012-11-18 15:55 - 2012-07-10 13:54 - 00001014 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4188228576-3451463030-3658580190-1000Core.job
2012-11-16 15:55 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-15 01:30 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-11-14 03:29 - 2012-07-10 13:51 - 00087984 ____A C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 03:24 - 2009-07-14 05:45 - 04990416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 03:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-14 03:15 - 2012-11-14 01:04 - 00000000 ____D C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
2012-11-14 01:03 - 2012-11-14 01:03 - 00151230 ____A C:\Users\Simon\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW.torrent
2012-11-11 20:58 - 2012-11-11 20:58 - 00004376 ____A C:\WirelessDiagLog.csv
2012-11-10 17:16 - 2012-07-10 13:54 - 00000000 ____D C:\Users\Simon\AppData\Local\Deployment
2012-11-10 17:08 - 2012-11-10 17:08 - 00027520 ____A C:\Users\Simon\AppData\Local\dt.dat
2012-11-10 16:56 - 2012-11-10 16:36 - 00000000 ____D C:\Program Files\Dell Support Center
2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Dell
2012-11-10 16:36 - 2012-11-10 16:36 - 00000000 ____D C:\Users\All Users\PCDr
2012-11-10 16:36 - 2012-07-10 14:09 - 00000000 ____D C:\Users\All Users\Dell
2012-11-10 16:32 - 2012-11-10 16:32 - 00038984 ____A (Dell Computer Corporation) C:\Users\Simon\Downloads\DellPCDiagnostics.exe
2012-11-10 16:32 - 2012-11-10 16:32 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PCDr
2012-11-10 16:26 - 2012-11-10 16:25 - 06059000 ____A C:\Users\Simon\Downloads\R295126.exe
2012-11-10 16:25 - 2012-11-10 16:24 - 08276776 ____A C:\Users\Simon\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe
2012-11-10 16:18 - 2012-11-10 16:16 - 17371337 ____A C:\Users\Simon\Downloads\R317457.zip
2012-11-10 16:13 - 2012-11-10 16:12 - 04300104 ____A C:\Users\Simon\Downloads\CW1394A0.exe
2012-11-10 15:58 - 2012-11-10 15:57 - 11064264 ____A (Akamai Technologies, Inc.) C:\Users\Simon\Downloads\Dell_Download_Manager_Setup.exe
2012-11-10 15:51 - 2012-07-10 13:17 - 00000000 ____D C:\Program Files (x86)\Intel
2012-11-10 15:49 - 2012-11-10 15:49 - 00127480 ____A C:\Users\Simon\Downloads\DELL_S2230MX-MONITOR_A00-00_R303587.exe
2012-11-10 15:49 - 2012-11-10 15:48 - 10797616 ____A C:\Users\Simon\Downloads\R296901.exe
2012-11-10 15:47 - 2012-11-10 15:47 - 00010579 ____A C:\Users\Simon\Downloads\dellsystemdetect.application
2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Verimatrix
2012-11-10 15:46 - 2012-11-10 15:46 - 00000000 ____D C:\Users\All Users\Verimatrix
2012-11-10 15:40 - 2012-11-10 15:39 - 11154432 ____A C:\Users\Simon\Downloads\ViewRightWebInstaller.msi
2012-11-09 00:37 - 2012-11-04 13:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
2012-11-09 00:36 - 2012-07-22 21:53 - 00001998 ___AH C:\Users\Simon\Documents\Default.rdp
2012-11-08 23:56 - 2012-07-10 14:14 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 23:56 - 2012-07-10 14:14 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-08 23:55 - 2012-08-27 08:43 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-05 00:11 - 2012-09-02 10:30 - 00000021 ____A C:\Windows\SurCode.INI
2012-11-05 00:11 - 2012-09-02 10:30 - 00000000 ____D C:\Users\Simon\Documents\Adobe
2012-11-04 20:29 - 2012-08-22 13:54 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-04 20:27 - 2012-09-30 20:12 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Windows\System32\Macromed
2012-11-04 20:19 - 2012-11-04 20:19 - 00000000 ____D C:\Users\All Users\ALM
2012-11-04 20:19 - 2012-07-10 13:57 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Adobe
2012-11-04 20:17 - 2012-08-22 14:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-11-04 20:13 - 2012-11-04 20:13 - 00000000 ____D C:\Users\Simon\Adobe Flash Builder 4.6
2012-11-04 20:08 - 2012-11-04 20:08 - 00002026 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-11-04 19:56 - 2012-08-22 14:00 - 00000000 ____D C:\Program Files\Adobe
2012-11-04 19:06 - 2012-11-04 18:53 - 00000000 ____D C:\Users\Simon\Desktop\Adobe CS6 Master Collection
2012-11-04 17:58 - 2012-08-20 12:37 - 00000000 ____D C:\Users\Simon\Downloads\Adobe CS6 Master Collection
2012-11-04 17:40 - 2012-09-30 22:22 - 00000000 ____D C:\Users\Simon\Downloads\Adobe.Master.Collection.CS6.LS16+Patch [WORKING]
2012-11-04 17:40 - 2012-09-26 12:49 - 00000000 ____D C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman
2012-11-04 17:40 - 2012-07-23 18:35 - 00000000 ____D C:\Users\Simon\Downloads\Adobe Premiere Pro CS6 (64 Bit) - Cool Release
2012-11-04 17:35 - 2012-11-04 17:35 - 00016981 ____A C:\Users\Simon\Downloads\[isoHunt] Adobe CS6 Master Collection (1).torrent
2012-11-04 17:26 - 2012-11-04 17:26 - 00000616 ____A C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE.torrent
2012-11-04 17:26 - 2012-11-04 17:26 - 00000000 ____D C:\Users\Simon\Downloads\ADOBE_CS6.0_MASTER_COLLECTION_WIN_OSX_KEYGEN-XFORCE
2012-11-04 17:25 - 2012-11-04 17:25 - 00001706 ____A C:\Users\Simon\Downloads\Adobe_CS6_All_Products_Activator__x32___x64___2012_-MPT (1).torrent
2012-11-04 13:54 - 2012-11-04 13:54 - 00001166 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-11-04 13:54 - 2012-11-04 13:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-11-04 13:52 - 2012-11-04 13:52 - 04939440 ____A (TeamViewer GmbH) C:\Users\Simon\Downloads\TeamViewer_Setup.exe
2012-11-04 13:50 - 2012-11-04 13:49 - 00000000 ____D C:\Users\All Users\Premium
2012-11-04 13:48 - 2012-11-04 13:48 - 00300936 ____A (Premium) C:\Users\Simon\Downloads\VaudiX.exe
2012-11-04 13:48 - 2012-11-04 13:48 - 00000000 ____D C:\Users\All Users\Vaudix
2012-11-04 11:40 - 2012-07-15 10:46 - 00000000 ____D C:\Users\Simon\AppData\Local\Apple Computer
2012-11-04 10:03 - 2012-11-04 10:03 - 00015872 ____A C:\Users\Simon\Downloads\seminarji.xls
2012-11-03 22:55 - 2012-11-03 22:55 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Mozilla
2012-10-30 09:41 - 2012-10-30 09:41 - 00482816 ____H C:\Users\Simon\Downloads\~WRL2901.tmp
2012-10-28 17:33 - 2012-10-28 17:33 - 00056823 ____A C:\Users\Simon\Downloads\Ice.Age.4.Continental.Drift.2012.SLOSubs.DVDRip.XviD-DrSi.torrent
2012-10-27 00:37 - 2012-10-26 22:13 - 00000000 ____D C:\CS6
2012-10-26 22:09 - 2012-10-26 21:58 - 00000000 ____D C:\Users\Simon\Downloads\Project.X.2012.EXTENDED.SLOSubs.DVDRip.XviD-DrSi
2012-10-24 21:41 - 2012-10-24 21:41 - 00055176 ____A C:\Users\Simon\Downloads\Adobe.CS6.Master.Collection-milkman (1).torrent
2012-10-24 21:35 - 2012-10-24 21:35 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-10-24 21:35 - 2012-10-24 21:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-10-24 21:34 - 2012-10-24 21:32 - 39483256 ____A (Apple Inc.) C:\Users\Simon\Downloads\QuickTimeInstaller.exe
2012-10-23 18:07 - 2012-10-23 18:06 - 16061064 ____A C:\Users\Simon\Downloads\getOrder_promo_mix.mp4
2012-10-22 11:33 - 2012-10-22 11:33 - 00000000 ____D C:\Users\All Users\Hewlett-Packard
2012-10-21 21:20 - 2012-10-21 21:20 - 00001043 ____A C:\Users\Simon\Desktop\Dropbox.lnk
2012-10-21 21:18 - 2012-10-21 21:18 - 05694794 ____A C:\Users\Simon\Downloads\template-discsurface.zip
2012-10-21 21:17 - 2012-10-21 21:16 - 17813784 ____A (Dropbox, Inc.) C:\Users\Simon\Downloads\Dropbox 1.4.17.exe

ZeroAccess:
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\00000004.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\201d3dde
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\L\55490ac4
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000004.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000008.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\000000cb.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000000.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000032.@
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8086.17 MB
Available physical RAM: 6103.46 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 14007.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:390.62 GB) (Free:100.36 GB) NTFS
2 Drive d: () (Fixed) (Total:288.38 GB) (Free:38.71 GB) NTFS
3 Drive e: (GSP1RMCPRXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:7.44 GB) (Free:3.45 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7638 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 19 GB 104 MB
Partition 3 Primary 288 GB 19 GB
Partition 4 Primary 390 GB 308 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 RECOVERY NTFS Partition 19 GB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 288 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 390 GB Healthy Boot

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7634 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 G FAT32 Removable 7634 MB Healthy

=========================================================

Last Boot: 2012-11-15 01:23

==================== End Of Log =============================
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.20.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Simon :: SIMON-LAPTOP [administrator]

Protection: Enabled

20.11.2012 17:35:53
mbam-log-2012-11-20 (17-35-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226177
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Simon\AppData\Local\Temp\Rar$EXa0.403\Adobe CS6 All Products Activator (x32 & x64)\adobe.cs6.all.products.activator.(x32.y.x64)_up01-MPT.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
C:\Users\Simon\Downloads\VaudiX.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\QPONUTMJ\agent_setup[1].exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\QPONUTMJ\uninstaller[1].exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Simon\Local Settings\Temporary Internet Files\Content.IE5\X85TT6F8\5096643e47b9f[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{4a932166-9e69-a220-2dc9-039feeedcfac}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Simon at 17:54:58 on 2012-11-20
Microsoft Windows 7 Professional 6.1.7601.1.1250.386.1033.18.8086.5274 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
c:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [AdobeBridge] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
LSP: mswsock.dll
Trusted Zone: dell.com
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\3596E6B6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\67C61646F6 : DHCPNameServer = 84.255.209.79 84.255.210.79 10.6.112.4
TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\8696F557E6966756273756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{546D3127-7DF7-427C-8160-F67FA42CFCD2}\D657765627C696 : DHCPNameServer = 212.103.128.66 212.103.128.67
TCP: Interfaces\{9B5090E1-E1AD-424B-826D-96D4E9FB292D} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-7-10 28992]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-22 56208]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-7-10 21616]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-27 30568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-15 283200]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-7-10 249152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-10 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 Apache2.4;Apache2.4;C:\xampp\apache\bin\httpd.exe [2012-6-6 22016]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-10 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-4-11 204304]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-3 381248]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-11-4 2848168]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-10 2656280]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-7-10 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-10 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-20 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-7-10 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-10 565352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-7-10 174168]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\System32\drivers\MAudioFastTrackPro.sys [2010-12-7 187912]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-6-23 178784]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-11-20 16:34:45  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Malwarebytes
2012-11-20 16:34:38  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-11-20 16:34:37  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-11-20 16:34:37  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-20 11:44:38  --------  d-----w-  C:\FRST
2012-11-19 07:34:27  --------  d-----w-  C:\Program Files (x86)\Verimatrix
2012-11-18 20:58:57  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
2012-11-18 20:47:09  --------  d-----w-  C:\Windows\System32\appmgmt
2012-11-18 20:24:31  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-18 20:24:31  697272  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-18 19:47:34  220160  ----a-w-  C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-18 19:47:26  --------  d-----w-  C:\Program Files (x86)\Mega Codec Pack
2012-11-18 19:05:30  696832  ----a-w-  C:\Windows\System32\xvidcore.dll
2012-11-18 19:05:30  645632  ----a-w-  C:\Windows\SysWow64\xvidcore.dll
2012-11-18 19:05:30  255488  ----a-w-  C:\Windows\System32\xvidvfw.dll
2012-11-18 19:05:30  240640  ----a-w-  C:\Windows\SysWow64\xvidvfw.dll
2012-11-18 19:05:30  173568  ----a-w-  C:\Windows\System32\xvid.ax
2012-11-18 19:05:30  153088  ----a-w-  C:\Windows\SysWow64\xvid.ax
2012-11-18 19:05:27  --------  d-----w-  C:\Program Files (x86)\Xvid
2012-11-14 02:05:25  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
2012-11-14 02:05:25  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 02:05:25  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 02:05:25  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 02:00:39  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 02:00:39  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 02:00:37  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
2012-11-14 02:00:37  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 02:00:37  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2012-11-14 02:00:36  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
2012-11-14 02:00:36  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
2012-11-13 22:04:58  95744  ----a-w-  C:\Windows\System32\synceng.dll
2012-11-13 22:04:58  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
2012-11-10 15:36:39  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Dell
2012-11-10 15:36:32  --------  d-----w-  C:\ProgramData\PC-Doctor for Windows
2012-11-10 15:36:31  --------  d-----w-  C:\ProgramData\PCDr
2012-11-10 15:36:09  --------  d-----w-  C:\Program Files\Dell Support Center
2012-11-10 15:32:31  --------  d-----w-  C:\Users\Simon\AppData\Roaming\PCDr
2012-11-10 15:32:23  --------  d-----w-  C:\temp
2012-11-10 14:59:36  --------  d-----w-  C:\Users\Simon\AppData\Local\Akamai
2012-11-10 14:46:58  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Verimatrix
2012-11-10 14:46:49  --------  d-----w-  C:\ProgramData\Verimatrix
2012-11-04 19:19:37  --------  d-----w-  C:\ProgramData\ALM
2012-11-04 19:13:27  --------  d-----w-  C:\Users\Simon\Adobe Flash Builder 4.6
2012-11-04 12:55:14  --------  d-----w-  C:\Users\Simon\AppData\Roaming\TeamViewer
2012-11-04 12:54:13  --------  d-----w-  C:\Program Files (x86)\TeamViewer
2012-11-04 12:50:06  --------  d-----w-  C:\Program Files (x86)\VaudiX
2012-11-04 12:49:57  --------  d-----w-  C:\ProgramData\Premium
2012-11-04 12:48:33  --------  d-----w-  C:\ProgramData\Vaudix
2012-11-04 12:48:18  --------  d-----w-  C:\ProgramData\InstallMate
2012-10-26 21:13:21  --------  d-----w-  C:\CS6
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-24 20:35:59  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-22 10:33:37  230400  ----a-w-  C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-10-21 20:20:12  --------  d-----r-  C:\Users\Simon\Dropbox
2012-10-21 20:18:36  --------  d-----w-  C:\Users\Simon\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-11-08 22:55:59  30568  ----a-w-  C:\Windows\System32\drivers\avgtpx64.sys
2012-10-18 18:25:58  3149824  ----a-w-  C:\Windows\System32\win32k.sys
2012-10-09 18:17:13  55296  ----a-w-  C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13  226816  ----a-w-  C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31  44032  ----a-w-  C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31  193536  ----a-w-  C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54  1914248  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21  70656  ----a-w-  C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21  303104  ----a-w-  C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17  246272  ----a-w-  C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17  18944  ----a-w-  C:\Windows\System32\netevent.dll
2012-10-03 17:44:16  216576  ----a-w-  C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16  569344  ----a-w-  C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24  18944  ----a-w-  C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24  175104  ----a-w-  C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23  156672  ----a-w-  C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26  45568  ----a-w-  C:\Windows\System32\drivers\tcpipreg.sys
2012-09-20 14:02:06  1832760  ----a-w-  C:\Windows\System32\LogiLDA.DLL
2012-09-14 19:19:29  2048  ----a-w-  C:\Windows\System32\tzres.dll
2012-09-14 18:28:53  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02  3968880  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02  3914096  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07  220160  ----a-w-  C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48  172544  ----a-w-  C:\Windows\SysWow64\wintrust.dll
2012-08-24 13:43:16  384352  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
2012-08-22 18:12:40  950128  ----a-w-  C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40  376688  ----a-w-  C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33  288624  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 17:55:28,31 ===============
 

Attachments: attach.zip
Please observe forum rules.
All logs have to be pasted, not attached.
Paste Attach.txt into your next reply.

Then...

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 