Solved Infection: sirefef.r, sirefef.ab, sirefef.ah

sapphireX

Hello, hi TechSpot,
I currently have a problem with sirefef.r, sirefef.ab and sirefef.ah.
When Windows starts it says "critical error, restart in one minute".
I'm using Windows 7, 32-bit. Currently I'm online in Ubuntu 11.04 (dual boot).
Hope these infections can be resolved.
Thank you in advance :)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
This is the log from FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
Ran by SYSTEM at 08-07-2012 20:17:35
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-25] (Nero AG)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [135168 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [167424 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [144384 2009-09-02] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10828392 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1163272 2009-06-22] (Dritek System Inc.)
HKLM\...\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [278016 2009-02-27] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe" [101376 2010-12-11] (Simpo Technologies)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\SYAH\...\Run: [Akamai NetSession Interface] "C:\Users\SYAH\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\SYAH\...\Run: [googletalk] C:\Users\SYAH\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\SYAH\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\SYAH\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3437976 2011-10-24] (Tonec Inc.)
HKU\SYAH\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\SYAH\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\SYAH\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [x]
HKU\SYAH\...\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe [4116296 2012-05-02] (Connectify)
HKU\SYAH\...\Run: [XSECVA] C:\Users\SYAH\AppData\Roaming\xsecva\xsecva.exe -s [130048 2012-07-07] ()
HKU\SYAH\...\CurrentVersion\Windows: [Load] C:\TCWIN45\PIPELINE\remind.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\SYAH\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)

================================ Services (Whitelisted) ==================

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] ()
3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] ()
2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] ()
2 Change Modem Device Service; "C:\Windows\system32\ChgService.exe" -service [135168 2009-04-20] ()
2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-05-02] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 fsproflt; C:\Windows\system32\fsproflt.exe [73392 2009-03-08] (FSPro Labs)
2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-19] (CSR, plc)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-24] (Nero AG)
3 npggsvc; C:\Windows\system32\GameMon.des -service [3739080 2010-08-29] (INCA Internet Co., Ltd.)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 UCStream; C:\Program Files\UCStream\UCStream.exe [57344 2011-11-16] ()
2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-11-13] (VMware, Inc.)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-13] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-13] (VMware, Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-06] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-06] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-06] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-06] (LG Electronics Inc.)
3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23296 2011-04-08] (LG Electronics Inc.)
3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps.sys [22400 2011-04-08] (LG Electronics Inc.)
3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28160 2011-04-08] (LG Electronics Inc.)
3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [72192 2011-04-08] (LG Electronics Inc.)
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
3 apf001; \??\C:\Windows\system32\apf001.sys [13232 2012-01-24] ()
1 blbdrive; C:\Windows\System32\DRIVERS\BLBDRIVE.SYS [35328 2011-11-01] ()
3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-19] (CSR, plc)
3 bthav; C:\Windows\System32\drivers\bthav.sys [36352 2006-10-11] (CSR, plc)
3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2006-10-11] (CSR, plc)
0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-06] ()
3 BTNetFilter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2011-10-28] (Connectify)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21000 2009-03-25] (Dritek System Inc.)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-15] (DT Soft Ltd)
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102784 2008-12-12] (Huawei Technologies Co., Ltd.)
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-29] (Huawei Technologies Co., Ltd.)
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [89376 2011-07-06] (Tonec Inc.)
3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-01] (IVT Corporation.)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [116136 2009-07-20] (JMicron Technology Corporation)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-28] (Windows (R) Codename Longhorn DDK provider)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-22] (Atheros Communications, Inc.)
3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-28] (LG Electronics Inc.)
3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-28] (LG Electronics Inc.)
3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-28] (LG Electronics Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7430144 2010-11-08] (Intel Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2011-05-05] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2011-05-05] ()
2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2004-05-13] (Rainbow Technologies, Inc.)
0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [31880 2009-01-07] (IVT Corporation.)
3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [17416 2008-12-21] (IVT Corporation.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-13] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-13] (VMware, Inc.)
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-26] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
1 aoxzfpti; \??\C:\Windows\system32\drivers\aoxzfpti.sys [x]
1 ayeueffp; \??\C:\Windows\system32\drivers\ayeueffp.sys [x]
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [x]
3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [x]
3 BzeekDM; C:\Windows\System32\DRIVERS\drone.sys [x]
3 BzeekDP; C:\Windows\System32\DRIVERS\drone.sys [x]
1 cbhhguqg; \??\C:\Windows\system32\drivers\cbhhguqg.sys [x]
1 ccestdch; \??\C:\Windows\system32\drivers\ccestdch.sys [x]
3 cpuz135; \??\C:\Users\SYAH\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
1 ewvolyvb; \??\C:\Windows\system32\drivers\ewvolyvb.sys [x]
1 exauhrbn; \??\C:\Windows\system32\drivers\exauhrbn.sys [x]
1 fiohwgri; \??\C:\Windows\system32\drivers\fiohwgri.sys [x]
3 GarenaPEngine; \??\C:\Users\SYAH\AppData\Local\Temp\OIRB4B0.tmp [x]
3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
1 ibwxyqpd; \??\C:\Windows\system32\drivers\ibwxyqpd.sys [x]
1 irtyrqto; \??\C:\Windows\system32\drivers\irtyrqto.sys [x]
1 kkfzsvms; \??\C:\Windows\system32\drivers\kkfzsvms.sys [x]
1 ksdcimkg; \??\C:\Windows\system32\drivers\ksdcimkg.sys [x]
1 lsgjtsaw; \??\C:\Windows\system32\drivers\lsgjtsaw.sys [x]
1 mihgearo; \??\C:\Windows\system32\drivers\mihgearo.sys [x]
1 mxaecdbf; \??\C:\Windows\system32\drivers\mxaecdbf.sys [x]
3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [x]
3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [x]
1 pityzfbl; \??\C:\Windows\system32\drivers\pityzfbl.sys [x]
1 pqldacck; \??\C:\Windows\system32\drivers\pqldacck.sys [x]
1 qstabewh; \??\C:\Windows\system32\drivers\qstabewh.sys [x]
1 qzpxtvtm; \??\C:\Windows\system32\drivers\qzpxtvtm.sys [x]
1 scmuoarn; \??\C:\Windows\system32\drivers\scmuoarn.sys [x]
1 svglmqvw; \??\C:\Windows\system32\drivers\svglmqvw.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
1 tmrwegig; \??\C:\Windows\system32\drivers\tmrwegig.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
1 ucfllsmn; \??\C:\Windows\system32\drivers\ucfllsmn.sys [x]
1 upqqassd; \??\C:\Windows\system32\drivers\upqqassd.sys [x]
1 uyupxfrj; \??\C:\Windows\system32\drivers\uyupxfrj.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Macromedia
2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Adobe
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Nero
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Logitech
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Apple Computer
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Local\bluesoleil
2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
2012-07-07 08:17 - 2012-07-07 08:17 - 00000000 ____D C:\Users\S\AppData\Local\VirtualStore
2012-07-07 08:16 - 2012-07-07 08:17 - 00000000 ____D C:\users\S
2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\LocalGoogle
2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\Local\Google
2012-07-07 08:16 - 2011-08-18 07:55 - 00000000 ____D C:\Users\S\AppData\Local\Microsoft Help
2012-07-07 07:26 - 2012-07-07 07:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 00:52 - 2012-07-07 00:59 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\xsecva
2012-07-07 00:05 - 2012-07-07 00:12 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
2012-07-02 06:55 - 2012-07-02 06:55 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\Edraw Max
2012-07-02 06:54 - 2012-07-02 06:55 - 00000000 ____D C:\Program Files\Edraw Max
2012-07-02 06:27 - 2012-07-02 06:33 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
2012-07-02 05:29 - 2012-07-02 08:02 - 00000000 ____D C:\New folder (2)
2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
2012-06-25 05:13 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-25 05:13 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-25 05:13 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-25 05:13 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-25 05:13 - 2012-06-01 23:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-25 05:13 - 2012-06-01 23:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-13 05:03 - 2012-07-08 00:26 - 00000000 ____D C:\New folder
2012-06-13 04:22 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 04:22 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 04:22 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 04:22 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 04:22 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 04:22 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 04:22 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 04:22 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 04:22 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 04:22 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 04:22 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 04:22 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 04:22 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 04:22 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 04:22 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 04:22 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 04:21 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 04:21 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 04:21 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 04:21 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
2012-06-12 13:41 - 2012-06-12 13:51 - 00000000 ____D C:\Aspire 4315
2012-06-11 04:08 - 2012-06-11 04:08 - 00000000 ____D C:\Users\SYAH\AppData\Local\Macromedia
2012-06-10 03:59 - 2012-06-10 04:00 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar


============ 3 Months Modified Files ========================

2012-07-08 04:11 - 2011-12-08 10:13 - 00005815 ____A C:\Windows\System32\LOCALSERVICE.INI
2012-07-08 04:11 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 04:11 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 04:11 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 04:11 - 2009-02-27 01:04 - 00000915 ____A C:\Windows\System32\bscs.ini
2012-07-08 04:10 - 2011-12-03 07:14 - 00037523 ____A C:\Windows\setupact.log
2012-07-08 01:43 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-08 01:41 - 2011-03-15 08:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-07 15:00 - 2010-07-28 19:41 - 01508132 ____A C:\Windows\WindowsUpdate.log
2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
2012-07-07 08:14 - 2011-03-15 08:15 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 07:34 - 2011-07-08 01:19 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000UA.job
2012-07-07 07:29 - 2010-07-28 04:58 - 00799786 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 07:27 - 2011-08-17 02:56 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-07 00:57 - 2012-04-25 04:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-07 00:57 - 2011-05-19 17:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-07 00:12 - 2012-07-07 00:05 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
2012-07-07 00:04 - 2010-07-28 07:02 - 00000312 ____A C:\Users\SYAH\.packettracer
2012-07-06 19:34 - 2011-07-08 01:19 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000Core.job
2012-07-02 06:33 - 2012-07-02 06:27 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
2012-06-29 05:05 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
2012-06-16 08:51 - 2011-07-19 18:59 - 00000600 ____A C:\Users\SYAH\PUTTY.RND
2012-06-13 04:36 - 2009-07-13 20:33 - 01757696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 04:26 - 2010-07-31 08:42 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
2012-06-10 04:00 - 2012-06-10 03:59 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar
2012-06-02 14:19 - 2012-06-25 05:13 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 05:13 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-25 05:13 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-25 05:13 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 23:19 - 2012-06-25 05:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:12 - 2012-06-25 05:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 08:37 - 2012-06-01 08:32 - 02275328 ____A C:\Users\SYAH\Downloads\SLA.ppt
2012-06-01 08:35 - 2012-06-01 08:34 - 00522388 ____A C:\Users\SYAH\Downloads\ITIL Tools.pptx
2012-06-01 07:45 - 2012-06-01 07:42 - 10288512 ____A (Microsoft Corporation) C:\Users\SYAH\Downloads\mseinstall.exe
2012-06-01 07:36 - 2012-01-27 18:07 - 00223194 ____A C:\Windows\PFRO.log
2012-05-23 10:07 - 2012-05-23 10:07 - 00005754 ____A C:\Users\SYAH\Downloads\Pretest Answer_Sashikumaran.txt
2012-05-19 10:48 - 2012-05-19 10:26 - 76595971 ____A C:\Users\SYAH\Downloads\kucing s01e19.rmvb
2012-05-19 08:06 - 2012-05-19 08:06 - 00000210 ____A C:\Users\SYAH\Downloads\g5xd5nic00000000.js
2012-05-19 07:50 - 2012-05-19 07:47 - 09765910 ____A C:\Users\SYAH\Downloads\kucingkilat.S01E20.rar
2012-05-17 15:11 - 2012-06-13 04:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-13 04:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-13 04:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-13 04:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-13 04:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 04:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-13 04:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-13 04:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 04:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-13 04:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 04:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-13 04:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 04:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 04:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 04:34 - 2012-05-17 04:34 - 00001105 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-05-17 04:19 - 2012-05-17 04:19 - 00424048 ____A (Yahoo! Inc.) C:\Users\SYAH\Downloads\msgr11us.exe
2012-05-14 17:05 - 2012-06-13 04:21 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 04:26 - 2012-01-06 10:21 - 00000989 ____A C:\Users\Public\Desktop\Connectify.lnk
2012-05-06 00:09 - 2012-05-06 00:09 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-30 07:41 - 2012-04-30 07:41 - 00001644 ____A C:\Users\SYAH\Desktop\Google Drive.lnk
2012-04-30 07:30 - 2012-04-30 07:30 - 00740088 ____A (Google Inc.) C:\Users\SYAH\Downloads\googledrivesync.exe
2012-04-28 07:35 - 2012-04-28 07:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-27 20:41 - 2012-06-13 04:22 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-13 04:22 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 04:21 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 04:21 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 04:21 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 08:38 - 2012-04-23 08:38 - 00000277 ____A C:\Windows\LkmdfCoInst.log
2012-04-23 08:38 - 2011-01-01 23:42 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\SYAH\Desktop\PhotoScape.lnk
2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
2012-04-22 11:23 - 2012-04-22 11:23 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list (1).ods
2012-04-15 21:08 - 2012-04-15 21:08 - 00001896 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-04-15 21:07 - 2012-04-15 21:07 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-04-12 23:34 - 2012-01-27 04:13 - 00001984 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-12 22:24 - 2012-04-12 22:24 - 00358912 ____A C:\Users\SYAH\Downloads\Edda+Skill+List+by+Ashla+(Lv.+41+)_1334269434.xls
2012-04-12 22:24 - 2012-04-12 22:24 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list.ods
2012-04-11 21:56 - 2009-07-13 18:04 - 00000663 ____A C:\Windows\win.ini


ZeroAccess:
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\@
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\n
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000004.@
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000008.@
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000008.@

ZeroAccess:
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\@
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3002.01 MB
Available physical RAM: 2524.35 MB
Total Pagefile: 3000.29 MB
Available Pagefile: 2535.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:58.5 GB) (Free:5.89 GB) NTFS
2 Drive e: (SYAH) (Fixed) (Total:136.72 GB) (Free:2.38 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 58 GB 101 MB
Partition 3 Primary 136 GB 58 GB
Partition 0 Extended 37 GB 195 GB
Partition 4 Logical 3814 MB 195 GB
Partition 5 Logical 33 GB 199 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 58 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SYAH NTFS Partition 136 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1906 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-06-23 08:22

======================= End Of Log ==========================
 
Need additional scan

I forgot this scan, please do this before we continue with fixes, otherwise we'll be wasting our time. :p

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)


When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.
 
This is from the Search.txt

Farbar Recovery Scan Tool Version: 07-07-2012 03
Ran by SYSTEM at 2012-07-09 03:55:21
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-08 06:59] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
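The Search.txt above is the whole diagnosis in two lines: the WinSxS reference copy of services.exe and the live copy in System32 have the same size and the same company string, but different MD5 digests, which is how an in-place patch of a system binary shows up. The script below is an added illustration (not the thread's own material and not FRST's code): it parses a Search.txt-style listing and flags any live binary whose MD5 matches none of its WinSxS copies. The embedded sample log, its component directory name and both hashes are constructed placeholders.

```python
"""Added example: parse FRST Search.txt output and flag a live system binary
whose MD5 differs from the reference copy in the WinSxS component store.
Not FRST's own code; the sample log and hashes below are constructed placeholders."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the layout FRST's Search.txt uses (not the log from the
# thread); the component directory name and both hashes are dummy placeholders.
SAMPLE_SEARCH_LOG = r"""
Farbar Recovery Scan Tool Version: 07-07-2012 03
Ran by SYSTEM at 2012-07-09 03:55:21
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_PLACEHOLDER\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 11111111111111111111111111111111

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-08 06:59] - 0259072 ____A (Microsoft Corporation) 22222222222222222222222222222222

=== End Of Search ===
"""

# A search hit is a path line followed by a detail line of the form
#   [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def name(self) -> str:
        # os.path.basename would not split on backslashes when run on a Linux host
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text: str) -> list[FileEntry]:
    """Pair each path line with the detail line that directly follows it."""
    lines = text.splitlines()
    entries: list[FileEntry] = []
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:
            continue  # path line without a parsable detail line; skip it
        entries.append(FileEntry(
            path=lines[i].strip(),
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            company=m["company"],
            md5=m["md5"].upper(),
        ))
    return entries


def find_hash_mismatches(entries: list[FileEntry]) -> list[FileEntry]:
    """Return live (non-WinSxS) files whose MD5 matches none of the WinSxS
    copies carrying the same file name.

    Size and company string are identical for both copies in the thread's log,
    so the digest is the only field separating the patched binary from the
    reference. A mismatch is a lead, not proof: a servicing update can leave a
    newer copy whose component directory was not part of the search."""
    reference: dict[str, set[str]] = {}
    for e in entries:
        if e.in_winsxs:
            reference.setdefault(e.name, set()).add(e.md5)
    flagged: list[FileEntry] = []
    for e in entries:
        if e.in_winsxs:
            continue
        known = reference.get(e.name)
        if known and e.md5 not in known:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_search_log(SAMPLE_SEARCH_LOG)
    for e in find_hash_mismatches(found):
        print(f"MISMATCH {e.path}  md5={e.md5}  modified={e.modified}")
```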
 
FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe c:\windows\system32\services.exe
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}
C:\Windows\assembly\GAC\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


Virus Removal Tool

There are way too many drivers in your log that look unknown. We'll run this tool to scan whole files...

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Any other drives (removable) that you may have
Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries in the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.
 
This is the log from Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 03
Ran by SYSTEM at 2012-07-10 07:09:36 Run:1
Running from G:\
==============================================
c:\windows\system32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to c:\windows\system32\services.exe
C:\Windows\Installer\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec} moved successfully.
C:\Users\SYAH\AppData\Local\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
==== End of Fixlog ====

After I rebooted normally, my PC is OK (it does not have the critical error message).
The virus removal tool log I will post after I download and scan it, sorry for the late reply.
 
For the first scan in safe mode using the virus removal tool, the laptop auto restarted.
At the time of the auto restart:
- the progress bar was still at 5% (scanning had just started about half an hour earlier)
- 5 threats were detected
- I had clicked quarantine for some of the detected files

After the auto restart, I entered safe mode again and ran the scan again;
this is the second scan result:

Status: Deleted (events: 31)
7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe High
7/10/2012 9:49:51 PM Deleted Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\AppData\Roaming\xsecva\xsecva.exe//ASPack High
7/10/2012 10:24:09 PM Deleted Trojan program Trojan.Win32.Miner.dw C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\L\00000008.@ High
7/10/2012 10:24:28 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000004.@ High
7/10/2012 10:24:38 PM Deleted Trojan program Trojan-Dropper.Win32.Miner.I C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\00000008.@ High
7/10/2012 10:24:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\000000cb.@ High
7/10/2012 10:24:46 PM Deleted Trojan program Trojan.Win32.Small.bmpj C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\80000000.@ High
7/10/2012 10:24:54 PM Deleted Trojan program Backdoor.Win32.ZAccess.ual C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\U\80000032.@ High
7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe High
7/11/2012 4:38:55 AM Deleted Trojan program Trojan.Win32.Genome.xufj D:\Games\Flash 2\Flash Games 7 - (36-in-1)\Flash Games 7 - 36in1.exe/AutoPlay/Docs/Logun S-16s.exe High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0013.res High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0013.res//IMVRHR~1.EXE High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/Cracked/dfd.exe//data0000.cab High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0017.res High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0017.res//IFSOYW~1.EXE High
7/11/2012 4:38:56 AM Deleted Trojan program Trojan.Win32.Jorik.Zbot.no D:\Software\Duplicate File Detector 5.0.0\Duplicate.File.Detector.v5.0.0.rar//Duplicate.File.Detector.v5.0.0/dfd_setup.exe//data0000.cab High
7/11/2012 4:50:24 AM Deleted Trojan program Trojan.Win32.Swisyn.tpo D:\Software\Ubuntu\U\W7\7Loader for windows 7 Release 4.rar High
7/11/2012 4:50:24 AM Deleted Trojan program Trojan.Win32.Swisyn.tpo D:\Software\Ubuntu\U\W7\7Loader for windows 7 Release 4.rar//7Loader for windows 7 Release 4/7Loader Release 4.exe High
7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar High
7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe High
7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0017.res High
7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0017.res//ITSOLY~1.EXE High
7/11/2012 4:50:36 AM Deleted Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash.rar//Anti(rash/Setup.exe//data0000.cab High
7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe Medium
7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe/AutoPlay/Docs/THC-Hydra/hydra-5.4-win.zip Medium
7/11/2012 5:32:24 AM Deleted malware HackTool.Win32.Hydra.g D:\Software\WN\WifiHack2009_MG4\WifiHack2009.exe/AutoPlay/Docs/THC-Hydra/hydra-5.4-win.zip/hydra-5.4-win/hydra.exe Medium
7/11/2012 6:21:55 AM Deleted Trojan program Exploit.Linux.Lotoor.p D:\SYAH\LG OP1\Root\Root\root.rar High
7/11/2012 6:21:55 AM Deleted Trojan program Exploit.Linux.Lotoor.p D:\SYAH\LG OP1\Root\Root\root.rar//Exploits/GingerBreak High
Status: Absent (events: 1)
7/11/2012 7:13:48 AM Not found Trojan program Trojan.Win32.Scar.glcd C:\Documents and Settings\SYAH\Application Data\xsecva\xsecva.exe//ASPack High
Status: Disinfected (events: 8)
7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip Medium
7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip/FaceNiff-2.1b.apk Medium
7/10/2012 9:50:24 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FcNf2.1.zip/FaceNiff-2.1b.apk/classes.dex Medium
7/10/2012 9:50:19 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FC\FaceNiff-2.1b.apk Medium
7/10/2012 9:50:19 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Documents\Downloads\Compressed\FC\FaceNiff-2.1b.apk/classes.dex Medium
7/10/2012 9:54:11 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Downloads\FaceNiff-2.1b.apk Medium
7/10/2012 9:54:11 PM Disinfected unknown threat not-a-virus:HEUR:HackTool.AndroidOS.FaceNiff.a C:\Documents and Settings\SYAH\Downloads\FaceNiff-2.1b.apk/classes.dex Medium
7/10/2012 10:23:47 PM Disinfected virus Virus.Win32.ZAccess.m C:\FRST\Quarantine\services.exe High
Status: Quarantined (events: 5)
7/10/2012 10:24:27 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\FRST\Quarantine\{6a394af4-d0fb-2174-0b3e-91bc48e8b8ec}\n High
7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe High
7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0017.res High
7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0017.res//ITSOLY~1.EXE High
7/11/2012 4:55:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic D:\Software\Update\Add\Anti(rash\Setup.exe//data0000.cab High
 
Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see, are for Adobe CS4 or CS5, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Is my computer clean from sirefef?
Before this, sometimes my computer's CPU usage was 100% (I looked at the CPU meter Windows gadget); is that normal?
 
It was not constant, and that was before the infection occurred. Right now the CPU usage is OK (I don't run any program right now except the internet browser because I'm not sure whether the infection is completely clean or not).
 
I am sorry, which one did you mean by 'the online scanner', the Farbar Recovery Scan Tool or the Kaspersky Virus Removal Tool?
 
My apologies. Kaspersky's tool appeared like ESET online scanner does. :p

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
That is the only log at: C:\Program Files\EsetOnlineScanner

Check in that location for any other logs, or re-open log.txt to be sure, please.
 
This is the log:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 07-07-2012 03
Ran by SYSTEM at 17-07-2012 06:38:37
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart [1234216 2010-03-25] (Nero AG)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [135168 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [167424 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [144384 2009-09-02] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10828392 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [1163272 2009-06-22] (Dritek System Inc.)
HKLM\...\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [278016 2009-02-27] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Simpo PDF Creator Pro Server] "C:\Program Files\Simpo PDF Creator Pro\SpcProSrv.exe" [101376 2010-12-11] (Simpo Technologies)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\SYAH\...\Run: [Akamai NetSession Interface] "C:\Users\SYAH\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
HKU\SYAH\...\Run: [googletalk] C:\Users\SYAH\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\SYAH\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\SYAH\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3437976 2011-10-24] (Tonec Inc.)
HKU\SYAH\...\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\SYAH\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\SYAH\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [x]
HKU\SYAH\...\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe [4116296 2012-05-02] (Connectify)
HKU\SYAH\...\Run: [Facebook Update] "C:\Users\SYAH\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-15] (Facebook Inc.)
HKU\SYAH\...\CurrentVersion\Windows: [Load] C:\TCWIN45\PIPELINE\remind.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\SYAH\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)

================================ Services (Whitelisted) ==================

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com)
2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [850432 2009-02-27] ()
3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [98407 2009-02-27] ()
2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2009-02-27] ()
2 Change Modem Device Service; "C:\Windows\system32\ChgService.exe" -service [135168 2009-04-20] ()
2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [65536 2012-05-02] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 fsproflt; C:\Windows\system32\fsproflt.exe [73392 2009-03-08] (FSPro Labs)
2 HFGService; C:\Windows\System32\HFGService.dll [356864 2006-11-19] (CSR, plc)
2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [490280 2010-03-24] (Nero AG)
3 npggsvc; C:\Windows\system32\GameMon.des -service [3739080 2010-08-29] (INCA Internet Co., Ltd.)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 UCStream; C:\Program Files\UCStream\UCStream.exe [57344 2011-11-16] ()
2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-11-13] (VMware, Inc.)
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-11-13] (VMware, Inc.)
2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-29] (VMware, Inc.)
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [433264 2011-11-13] (VMware, Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-06] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-06] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-06] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-06] (LG Electronics Inc.)
3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23296 2011-04-08] (LG Electronics Inc.)
3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps.sys [22400 2011-04-08] (LG Electronics Inc.)
3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [28160 2011-04-08] (LG Electronics Inc.)
3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [72192 2011-04-08] (LG Electronics Inc.)
3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [25728 2010-08-02] (Google Inc)
3 apf001; \??\C:\Windows\system32\apf001.sys [13232 2012-01-24] ()
1 blbdrive; C:\Windows\System32\DRIVERS\BLBDRIVE.SYS [35328 2011-11-01] ()
3 Bridge; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.)
3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [29184 2006-11-19] (CSR, plc)
3 bthav; C:\Windows\System32\drivers\bthav.sys [36352 2006-10-11] (CSR, plc)
3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [12800 2006-10-11] (CSR, plc)
0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.)
3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2008-12-06] ()
3 BTNetFilter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [22416 2006-11-21] (IVT Corporation.)
3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2008-10-31] (Mobile Connector)
1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [27248 2011-10-28] (Connectify)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21000 2009-03-25] (Dritek System Inc.)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-04-15] (DT Soft Ltd)
0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [43792 2008-06-05] (FSPro Labs)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-29] (VMware, Inc.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102784 2008-12-12] (Huawei Technologies Co., Ltd.)
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-29] (Huawei Technologies Co., Ltd.)
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [89376 2011-07-06] (Tonec Inc.)
3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [26248 2008-07-01] (IVT Corporation.)
3 JMCR; C:\Windows\System32\DRIVERS\jmcr.sys [116136 2009-07-20] (JMicron Technology Corporation)
3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-28] (Windows (R) Codename Longhorn DDK provider)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-22] (Atheros Communications, Inc.)
3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-28] (LG Electronics Inc.)
3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-28] (LG Electronics Inc.)
3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-28] (LG Electronics Inc.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28624 2010-08-24] (Logitech, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7430144 2010-11-08] (Intel Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.)
3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA))
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2011-05-05] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2011-05-05] ()
2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [76288 2004-05-13] (Rainbow Technologies, Inc.)
0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-11] (The OpenVPN Project)
3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.)
3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [31880 2009-01-07] (IVT Corporation.)
3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [17416 2008-12-21] (IVT Corporation.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-11-13] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-11-13] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-11-13] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-11-13] (VMware, Inc.)
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-26] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
1 aoxzfpti; \??\C:\Windows\system32\drivers\aoxzfpti.sys [x]
1 ayeueffp; \??\C:\Windows\system32\drivers\ayeueffp.sys [x]
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [x]
3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [x]
3 BzeekDM; C:\Windows\System32\DRIVERS\drone.sys [x]
3 BzeekDP; C:\Windows\System32\DRIVERS\drone.sys [x]
1 cbhhguqg; \??\C:\Windows\system32\drivers\cbhhguqg.sys [x]
1 ccestdch; \??\C:\Windows\system32\drivers\ccestdch.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
1 ewvolyvb; \??\C:\Windows\system32\drivers\ewvolyvb.sys [x]
1 exauhrbn; \??\C:\Windows\system32\drivers\exauhrbn.sys [x]
1 fiohwgri; \??\C:\Windows\system32\drivers\fiohwgri.sys [x]
3 GarenaPEngine; \??\C:\Users\SYAH\AppData\Local\Temp\OIRB4B0.tmp [x]
3 GGSAFERDriver; \??\C:\Program Files\Garena\safedrv.sys [x]
1 ibwxyqpd; \??\C:\Windows\system32\drivers\ibwxyqpd.sys [x]
1 irtyrqto; \??\C:\Windows\system32\drivers\irtyrqto.sys [x]
1 kkfzsvms; \??\C:\Windows\system32\drivers\kkfzsvms.sys [x]
1 ksdcimkg; \??\C:\Windows\system32\drivers\ksdcimkg.sys [x]
1 lsgjtsaw; \??\C:\Windows\system32\drivers\lsgjtsaw.sys [x]
1 mihgearo; \??\C:\Windows\system32\drivers\mihgearo.sys [x]
1 mxaecdbf; \??\C:\Windows\system32\drivers\mxaecdbf.sys [x]
3 NANMp50; C:\Windows\System32\Drivers\NANMp50.sys [x]
3 NANSp50; C:\Windows\System32\Drivers\NANSp50.sys [x]
1 pityzfbl; \??\C:\Windows\system32\drivers\pityzfbl.sys [x]
1 pqldacck; \??\C:\Windows\system32\drivers\pqldacck.sys [x]
1 qstabewh; \??\C:\Windows\system32\drivers\qstabewh.sys [x]
1 qzpxtvtm; \??\C:\Windows\system32\drivers\qzpxtvtm.sys [x]
1 scmuoarn; \??\C:\Windows\system32\drivers\scmuoarn.sys [x]
1 svglmqvw; \??\C:\Windows\system32\drivers\svglmqvw.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
1 tmrwegig; \??\C:\Windows\system32\drivers\tmrwegig.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
1 ucfllsmn; \??\C:\Windows\system32\drivers\ucfllsmn.sys [x]
1 upqqassd; \??\C:\Windows\system32\drivers\upqqassd.sys [x]
1 uyupxfrj; \??\C:\Windows\system32\drivers\uyupxfrj.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 07:43 - 2012-07-15 07:43 - 00000000 ____D C:\Program Files\ESET
2012-07-10 15:33 - 2012-07-10 15:35 - 88540962 ____A C:\Users\SYAH\Desktop\Kas3.txt
2012-07-10 15:25 - 2012-07-10 15:32 - 343081786 ____A C:\Users\SYAH\Desktop\Kas2.txt
2012-07-10 15:22 - 2012-07-10 15:22 - 00007505 ____A C:\Users\SYAH\Desktop\Kas.txt
2012-07-10 04:22 - 2012-07-10 04:22 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-07-09 15:17 - 2012-07-09 15:31 - 142592280 ____A C:\Users\SYAH\Desktop\setup_11.0.0.1245.x01_2012_07_10_00_51.exe
2012-07-08 20:16 - 2012-07-08 20:17 - 00000000 ____D C:\FRST
2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Macromedia
2012-07-07 08:24 - 2012-07-07 08:24 - 00000000 ____D C:\Users\S\AppData\Roaming\Adobe
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Nero
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Logitech
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Roaming\Apple Computer
2012-07-07 08:18 - 2012-07-07 08:18 - 00000000 ____D C:\Users\S\AppData\Local\bluesoleil
2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
2012-07-07 08:17 - 2012-07-07 08:17 - 00000000 ____D C:\Users\S\AppData\Local\VirtualStore
2012-07-07 08:16 - 2012-07-07 08:17 - 00000000 ____D C:\users\S
2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\LocalGoogle
2012-07-07 08:16 - 2012-05-08 03:33 - 00000000 ____D C:\Users\S\AppData\Local\Google
2012-07-07 08:16 - 2011-08-18 07:55 - 00000000 ____D C:\Users\S\AppData\Local\Microsoft Help
2012-07-07 07:26 - 2012-07-07 07:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 00:52 - 2012-07-10 05:49 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\xsecva
2012-07-07 00:05 - 2012-07-07 00:12 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
2012-07-02 06:55 - 2012-07-02 06:55 - 00000000 ____D C:\Users\SYAH\AppData\Roaming\Edraw Max
2012-07-02 06:54 - 2012-07-02 06:55 - 00000000 ____D C:\Program Files\Edraw Max
2012-07-02 06:27 - 2012-07-02 06:33 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
2012-07-02 05:29 - 2012-07-02 08:02 - 00000000 ____D C:\New folder (2)
2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
2012-06-25 05:13 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-25 05:13 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-25 05:13 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-25 05:13 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-25 05:13 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-25 05:13 - 2012-06-01 23:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-25 05:13 - 2012-06-01 23:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-16 04:06 - 2011-12-08 10:13 - 00005815 ____A C:\Windows\System32\LOCALSERVICE.INI
2012-07-16 04:06 - 2010-07-28 19:41 - 01713779 ____A C:\Windows\WindowsUpdate.log
2012-07-16 04:03 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 04:03 - 2009-07-13 20:34 - 00023312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 04:01 - 2010-07-28 04:58 - 00803874 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 03:57 - 2011-03-15 08:15 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-16 03:56 - 2011-12-03 07:14 - 00038173 ____A C:\Windows\setupact.log
2012-07-16 03:56 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 03:56 - 2009-02-27 01:04 - 00000915 ____A C:\Windows\System32\bscs.ini
2012-07-15 14:14 - 2011-03-15 08:15 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-15 13:40 - 2011-07-08 01:19 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000UA.job
2012-07-15 10:40 - 2011-07-08 01:19 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1292417973-226250186-4237057250-1000Core.job
2012-07-10 15:35 - 2012-07-10 15:33 - 88540962 ____A C:\Users\SYAH\Desktop\Kas3.txt
2012-07-10 15:32 - 2012-07-10 15:25 - 343081786 ____A C:\Users\SYAH\Desktop\Kas2.txt
2012-07-10 15:22 - 2012-07-10 15:22 - 00007505 ____A C:\Users\SYAH\Desktop\Kas.txt
2012-07-10 05:54 - 2011-11-18 04:01 - 00468911 ____A C:\Users\SYAH\Downloads\FaceNiff-2.1b.apk
2012-07-09 15:31 - 2012-07-09 15:17 - 142592280 ____A C:\Users\SYAH\Desktop\setup_11.0.0.1245.x01_2012_07_10_00_51.exe
2012-07-07 08:17 - 2012-07-07 08:17 - 00000020 ___SH C:\Users\S\ntuser.ini
2012-07-07 07:27 - 2011-08-17 02:56 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-07 00:57 - 2012-04-25 04:22 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-07 00:57 - 2011-05-19 17:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-07 00:12 - 2012-07-07 00:05 - 37310580 ____A C:\Users\SYAH\Downloads\JTTK.Kuryu.TH.rar
2012-07-07 00:04 - 2010-07-28 07:02 - 00000312 ____A C:\Users\SYAH\.packettracer
2012-07-02 06:33 - 2012-07-02 06:27 - 42171536 ____A (EdrawSoft ) C:\Users\SYAH\Downloads\edrawmax.exe
2012-07-02 05:15 - 2012-07-02 05:15 - 01174959 ____A C:\Users\SYAH\Downloads\EzwanDVD.pptx
2012-06-29 05:05 - 2009-07-13 20:53 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-25 07:09 - 2012-06-25 07:09 - 00029380 ____A C:\Users\SYAH\Downloads\preve150612.zip
2012-06-16 08:51 - 2011-07-19 18:59 - 00000600 ____A C:\Users\SYAH\PUTTY.RND
2012-06-13 04:36 - 2009-07-13 20:33 - 01757696 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 04:26 - 2010-07-31 08:42 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 14:31 - 2012-06-12 14:31 - 02074728 ____A (Acer Inc.) C:\Users\SYAH\Downloads\HWVendorDetection.exe
2012-06-10 04:00 - 2012-06-10 03:59 - 08079675 ____A C:\Users\SYAH\Downloads\PYH_IY.rar
2012-06-02 14:19 - 2012-06-25 05:13 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-25 05:13 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-25 05:13 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-25 05:13 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-25 05:13 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 23:19 - 2012-06-25 05:13 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:12 - 2012-06-25 05:13 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 08:37 - 2012-06-01 08:32 - 02275328 ____A C:\Users\SYAH\Downloads\SLA.ppt
2012-06-01 08:35 - 2012-06-01 08:34 - 00522388 ____A C:\Users\SYAH\Downloads\ITIL Tools.pptx
2012-06-01 07:45 - 2012-06-01 07:42 - 10288512 ____A (Microsoft Corporation) C:\Users\SYAH\Downloads\mseinstall.exe
2012-06-01 07:36 - 2012-01-27 18:07 - 00223194 ____A C:\Windows\PFRO.log
2012-05-23 10:07 - 2012-05-23 10:07 - 00005754 ____A C:\Users\SYAH\Downloads\Pretest Answer_Sashikumaran.txt
2012-05-19 10:48 - 2012-05-19 10:26 - 76595971 ____A C:\Users\SYAH\Downloads\kucing s01e19.rmvb
2012-05-19 08:06 - 2012-05-19 08:06 - 00000210 ____A C:\Users\SYAH\Downloads\g5xd5nic00000000.js
2012-05-19 07:50 - 2012-05-19 07:47 - 09765910 ____A C:\Users\SYAH\Downloads\kucingkilat.S01E20.rar
2012-05-17 15:11 - 2012-06-13 04:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-13 04:22 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-13 04:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-13 04:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-13 04:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 04:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-13 04:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-13 04:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 04:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-13 04:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 04:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-13 04:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 04:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 04:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 04:34 - 2012-05-17 04:34 - 00001105 ____A C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2012-05-17 04:19 - 2012-05-17 04:19 - 00424048 ____A (Yahoo! Inc.) C:\Users\SYAH\Downloads\msgr11us.exe
2012-05-14 17:05 - 2012-06-13 04:21 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 04:26 - 2012-01-06 10:21 - 00000989 ____A C:\Users\Public\Desktop\Connectify.lnk
2012-05-06 00:09 - 2012-05-06 00:09 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-30 07:41 - 2012-04-30 07:41 - 00001644 ____A C:\Users\SYAH\Desktop\Google Drive.lnk
2012-04-30 07:30 - 2012-04-30 07:30 - 00740088 ____A (Google Inc.) C:\Users\SYAH\Downloads\googledrivesync.exe
2012-04-28 07:35 - 2012-04-28 07:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-04-27 20:41 - 2012-06-13 04:22 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-13 04:22 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 04:21 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 04:21 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 04:21 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 08:38 - 2012-04-23 08:38 - 00000277 ____A C:\Windows\LkmdfCoInst.log
2012-04-23 08:38 - 2011-01-01 23:42 - 00016400 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\SYAH\Desktop\PhotoScape.lnk
2012-04-23 04:46 - 2012-04-23 04:46 - 00000989 ____A C:\Users\Guest\Desktop\PhotoScape.lnk
2012-04-22 11:23 - 2012-04-22 11:23 - 00027759 ____A C:\Users\SYAH\Downloads\loe_skil_list (1).ods


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3002.01 MB
Available physical RAM: 2524.06 MB
Total Pagefile: 3000.29 MB
Available Pagefile: 2535.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.62 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:58.5 GB) (Free:4.12 GB) NTFS
2 Drive e: (SYAH) (Fixed) (Total:136.72 GB) (Free:2.59 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 1024 KB
Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 58 GB 101 MB
Partition 3 Primary 136 GB 58 GB
Partition 0 Extended 37 GB 195 GB
Partition 4 Logical 3814 MB 195 GB
Partition 5 Logical 33 GB 199 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 58 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E SYAH NTFS Partition 136 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 5
Type : 83
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1906 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-15 11:44

======================= End Of Log ==========================
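As an added example, not part of the original thread or of FRST itself: a small Python checker that parses lines in the layout of the Drivers section of the log above and flags entries with the characteristics of the leftover entries seen there (binary missing, random-looking 8-letter name, loading from a Temp directory). The sample lines and the heuristics are this example's own assumptions, not rules FRST applies.

```python
import os
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines (modelled on the Drivers section of the log above) in FRST's
# layout: "<start> <name>; <path> [<size> <date>] (<vendor>)", with "[x]" instead of
# size/date when the registered binary is not on disk.
SAMPLE_LOG = r"""
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-29] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55664 2011-11-13] (VMware, Inc.)
1 aoxzfpti; \??\C:\Windows\system32\drivers\aoxzfpti.sys [x]
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
3 GarenaPEngine; \??\C:\Users\SYAH\AppData\Local\Temp\OIRB4B0.tmp [x]
"""

LINE_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]"
    r"(?:\s+\((?P<vendor>[^)]*)\))?$"
)

@dataclass
class DriverEntry:
    start: int              # start type as printed: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str               # service name
    path: str               # registered image path (may carry the \??\ prefix)
    missing: bool           # True when FRST printed "[x]"
    vendor: Optional[str]   # company string from the file's version info, if any

def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one line of the Drivers section; None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(int(m["start"]), m["name"].strip(), m["path"].strip(),
                       m["info"].strip() == "x", m["vendor"])

def suspicious_reasons(e: DriverEntry) -> list:
    """Heuristics of this example (not FRST's own rules) for entries worth a second look."""
    reasons = []
    if e.missing:
        reasons.append("binary missing")
    # The leftover entries in the log above share one shape: an 8-letter lowercase
    # service name equal to the file stem, with no vendor information.
    stem = os.path.basename(e.path.replace("\\", "/")).rsplit(".", 1)[0]
    if re.fullmatch(r"[a-z]{8}", e.name) and stem == e.name and e.vendor is None:
        reasons.append("random-looking unsigned name")
    if "\\temp\\" in e.path.lower():
        reasons.append("loads from a Temp directory")
    if e.start <= 1 and e.missing:
        reasons.append("early-start entry with no file")
    return reasons

def scan(log_text: str) -> dict:
    """Return {driver name: reasons} for every line that trips at least one heuristic."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_driver_line(line)
        reasons = suspicious_reasons(entry) if entry else []
        if reasons:
            findings[entry.name] = reasons
    return findings

if __name__ == "__main__":
    for name, why in scan(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(why)}")
```

A hit is a prompt to look closer, not a verdict: a legitimate driver whose file was uninstalled cleanly also shows up as "binary missing".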
 
Awesome sauce! Clean. :D

If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name I.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive I.e. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
I have completed the 4 tasks - Cleaned System Restore, - Ran OTC, - Ran TFC and - Ran Security Check.
Now my computer is running well. Thank you :)
This is the content of the checkup:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Trojan Remover 6.8.2
CCleaner
Java(TM) 6 Update 26
Java(TM) 7 Update 1
Java(TM) SE Development Kit 7
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 16.0.912.15
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?
 
I have updated Adobe Acrobat Reader and Java.
Currently my PC is running okay.
Thank you so much for your help :)
 