View Full Version : Safety of infected hard drive after formatting
Failsafe
2012-07-29, 22:51
Hi,
Hope I found the right place for this post...
Last week my Avira antivirus detected a infection of TR/atraps GEN2 virus on my computer. After trying several different instructions from web sites and suggested removal programs which did not detect anything aside of the original infected files which kept coming back again and again after removal I decided to take backup of my photos and other important documents and format the hard drive.
I was going to upgrade my hardware anyway so I decided that now is the right time and bought a new computer and now I'm wondering about the safety of the older hard disk which I'd like to add to the new assembly.
In the old hard disk I had a dual booting Vista/xp-configuration and third partition which contained mostly games and videos. I formatted both OS partitions with the tool from win XP install cd.
Is it safe to add the old hard drive to my new computer or should I still do something to remove the threats completely? I would think that the partition which did not have boot sectors would be safe from rootkits and therefore possible infections should be found with normal virus scans.
I'm also a bit concerned about the backups I made to the external hard disk. The backups contained mostly photographs but also some word-documents etc. but no executable files. Will it be safe to plug the external hard drive to my new computer and trust it's cleanness after virus scanning.
I'm getting overly paranoid over this since the virus was so hard to detect and I certainly do not wish to get infected again.
Yours,
Failsafe
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
If the hard drive was formatted and the OS reinstalled it should be ok
As far as the external drive, you can scan it with Malwarebytes, here are the download site along with instructions, after updating run the FULL scan and make sure your external drive is attached and checked
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Full scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Failsafe
2012-08-05, 20:37
The malwarebytes scan result on the external drive:
---clip---
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.05.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ylin päätösvalta :: BITTIMURSKAAJA [administrator]
5.8.2012 16:39:02
mbam-log-2012-08-05 (16-39-02).txt
Scan type: Full scan (E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271783
Time elapsed: 7 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---clip---
No detections.
Read before you post and provide the logs asked for please
Failsafe
2012-08-05, 21:11
I'm sorry...I thougth that the DDS/aswMBR logs would not be needed since the original system has been wiped...
Here are the logs, thank you for your patience.
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Ylin päätösvalta at 22:03:08 on 2012-08-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.358.1033.18.8144.6626 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mestari\Desktop\putty.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{FDB075D4-6D61-41E4-A069-723BEEBB842C} : DhcpNameServer = 192.168.100.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2012-7-30 1837464]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-29 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-7-29 161560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-29 1262400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-29 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-29 363800]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys --> C:\Windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Päivitä-palvelu (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-2 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-29 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys --> C:\Windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [?]
S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\system32\DRIVERS\nokia_cs1x_cpo.sys --> C:\Windows\system32\DRIVERS\nokia_cs1x_cpo.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-05 19:03:09 -------- d-----w- C:\Users\Ylin põõt÷svalta\AppData\Local\Microsoft
2012-08-05 16:25:19 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E09AD3D-FF56-42C3-88DE-2A11E0250229}\offreg.dll
2012-08-05 13:37:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-05 13:37:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-05 13:00:26 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E09AD3D-FF56-42C3-88DE-2A11E0250229}\mpengine.dll
2012-08-03 09:28:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 05:49:58 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-02 05:47:24 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Malwarebytes
2012-08-02 05:47:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-02 05:32:45 -------- d-----w- C:\Windows\System32\appmgmt
2012-08-02 05:24:08 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-02 05:18:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 05:18:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-02 05:17:08 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-02 05:17:08 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-31 19:28:59 -------- d-----w- C:\ProgramData\BioWare
2012-07-31 18:40:11 -------- d-----w- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2012-07-31 18:40:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-31 18:40:04 -------- d-----w- C:\ProgramData\Media Center Programs
2012-07-31 18:28:34 -------- d-----w- C:\Program Files (x86)\Dragon Age
2012-07-31 18:28:34 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-07-31 16:22:09 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-07-30 20:33:37 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-30 20:33:37 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-30 18:14:22 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-07-30 13:01:05 -------- d-----w- C:\ProgramData\Ironclad Games
2012-07-30 06:00:58 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-07-30 06:00:58 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-07-30 06:00:58 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-07-30 05:57:09 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Macromedia
2012-07-30 05:57:09 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Adobe
2012-07-30 05:57:08 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Birdstep Technology
2012-07-30 05:57:03 -------- d-----w- C:\ProgramData\Birdstep Technology
2012-07-30 05:56:54 -------- d-----w- C:\Program Files (x86)\NokiaIcera_4.3.31.8734
2012-07-30 05:56:54 -------- d-----w- C:\HWDrivers
2012-07-30 05:56:53 10240 ----a-w- C:\Windows\SysWow64\drivers\mdvrmng.sys
2012-07-30 05:56:45 -------- d-----w- C:\Program Files (x86)\Mobiililaajakaista
2012-07-30 05:55:55 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Intel Corporation
2012-07-30 05:55:51 -------- d-----r- C:\Users\Ylin päätösvalta\Searches
2012-07-30 05:55:46 -------- d-----w- C:\Users\Ylin päätösvalta\AppData\Roaming\Identities
2012-07-30 05:55:45 -------- d-----r- C:\Users\Ylin päätösvalta\Contacts
2012-07-30 01:15:17 -------- d-----w- C:\Windows\Panther
2012-07-29 20:12:00 -------- d-----w- C:\Windows\SysWow64\Wat
2012-07-29 20:12:00 -------- d-----w- C:\Windows\System32\Wat
2012-07-29 19:54:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-29 19:47:10 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-07-29 19:42:43 778752 ----a-w- C:\Windows\System32\mssvp.dll
2012-07-29 19:40:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-07-29 19:40:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-07-29 19:40:21 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-07-29 19:24:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-29 19:24:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-29 16:32:17 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-07-29 16:21:42 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-29 16:21:42 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-29 16:20:34 -------- d-----w- C:\NVIDIA
2012-07-29 16:16:41 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-07-29 16:10:04 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-07-29 16:06:43 -------- d-----w- C:\Program Files (x86)\ASUS
2012-07-29 16:06:29 1359976 ----a-w- C:\Windows\System32\nvhdagenco642040.dll
2012-07-29 16:06:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-07-29 16:05:48 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-07-29 16:05:40 1619048 ----a-w- C:\Windows\System32\nvdispco6420140.dll
2012-07-29 16:05:40 1404008 ----a-w- C:\Windows\System32\nvgenco642060.dll
2012-07-29 16:05:29 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-29 16:05:29 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-29 16:05:25 15322432 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-07-29 16:05:09 2741568 ----a-w- C:\Windows\System32\nvapi64.dll
2012-07-29 16:05:09 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2012-07-29 16:04:51 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-07-29 15:57:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{503E3FA0-5EF0-42D0-AA5C-AB7537969766}\gapaengine.dll
2012-07-29 15:56:45 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-29 15:56:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-29 15:53:09 16152 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2012-07-29 15:52:39 355096 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2012-07-29 15:52:37 786200 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2012-07-29 15:51:38 568600 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-07-29 15:51:23 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2012-07-29 15:51:12 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-07-29 15:50:38 -------- d-sh--w- C:\Windows\Installer
2012-07-29 15:50:35 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-07-29 15:50:30 60184 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-07-29 15:50:30 -------- d-----w- C:\Intel
2012-07-29 15:49:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-29 15:49:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-29 15:49:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-29 15:49:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-29 15:47:55 14952 ----a-w- C:\Windows\System32\RtkCoLDR64.dll
2012-07-29 15:47:54 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-07-29 15:47:51 1969768 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-07-29 15:47:21 3744872 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-07-29 15:47:00 2615400 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-07-29 15:46:46 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-07-29 15:46:31 1560168 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-07-29 15:46:19 4718952 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-07-29 15:46:18 375128 ----a-w- C:\Windows\System32\RTEEP64A.dll
2012-07-29 15:46:17 78680 ----a-w- C:\Windows\System32\RTEEG64A.dll
2012-07-29 15:46:17 204120 ----a-w- C:\Windows\System32\RTEED64A.dll
2012-07-29 15:46:17 101208 ----a-w- C:\Windows\System32\RTEEL64A.dll
2012-07-29 15:46:14 310104 ----a-w- C:\Windows\System32\RP3DHT64.dll
2012-07-29 15:46:14 310104 ----a-w- C:\Windows\System32\RP3DAA64.dll
2012-07-29 15:46:13 100456 ----a-w- C:\Windows\System32\RCoInstII64.dll
2012-07-29 15:46:11 2684416 ----a-w- C:\Windows\System32\RCoRes64.dat
2012-07-29 15:44:56 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-07-29 15:08:32 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-07-29 15:44:47 16896 ----a-w- C:\Windows\AsTaskSched.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-14 23:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 22:03:20,08 ===============
Failsafe
2012-08-05, 21:12
awsMBR log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-05 21:56:33
-----------------------------
21:56:33.777 OS Version: Windows x64 6.1.7601 Service Pack 1
21:56:33.777 Number of processors: 4 586 0x3A09
21:56:33.778 ComputerName: BITTIMURSKAAJA UserName:
21:56:33.917 Initialize success
21:58:12.303 AVAST engine defs: 12080501
21:58:46.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:58:46.314 Disk 0 Vendor: Corsair_ 5.02 Size: 114473MB BusType: 3
21:58:46.316 Disk 1 \Device\Harddisk1\DR3 -> \Device\Ide\IAAStorageDevice-2
21:58:46.319 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
21:58:46.323 Disk 0 MBR read successfully
21:58:46.326 Disk 0 MBR scan
21:58:46.373 Disk 0 Windows 7 default MBR code
21:58:46.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:58:46.391 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
21:58:46.420 Disk 0 scanning C:\Windows\system32\drivers
21:58:50.621 Service scanning
21:59:01.517 Modules scanning
21:59:01.526 Disk 0 trace - called modules:
21:59:01.534 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:59:01.539 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d44790]
21:59:01.545 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8006a44950]
21:59:01.550 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006d43050]
21:59:01.703 AVAST engine scan C:\Windows
21:59:02.281 AVAST engine scan C:\Windows\system32
22:00:22.917 AVAST engine scan C:\Windows\system32\drivers
22:00:27.658 AVAST engine scan C:\Users\Ylin päätösvalta
22:00:31.882 AVAST engine scan C:\ProgramData
22:00:35.337 Scan finished successfully
22:02:05.628 Disk 0 MBR has been saved successfully to "C:\Users\Mestari\Desktop\MBR.dat"
22:02:05.631 The log file has been saved successfully to "C:\Users\Mestari\Desktop\aswMBR.txt"
:bigthumb:
Malwarebytes found nothing on your external drive. The reason I asked for the other logs is sometimes some people dont format and reinstall properly doing a system repair instead. Your logs look fine, any issues ?
Failsafe
2012-08-05, 21:35
The system runs fine and no issues observed.
Thank you for your help and time! =)
Great :)
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.