Thread: Safety of infected hard drive after formatting

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    6

    Default Safety of infected hard drive after formatting

    Hi,

    Hope I found the right place for this post...

    Last week my Avira antivirus detected an infection of TR/atraps GEN2 virus on my computer. After trying several different instructions from web sites and suggested removal programs, which did not detect anything aside from the original infected files, which kept coming back again and again after removal, I decided to take a backup of my photos and other important documents and format the hard drive.

    I was going to upgrade my hardware anyway so I decided that now is the right time and bought a new computer and now I'm wondering about the safety of the older hard disk which I'd like to add to the new assembly.

    In the old hard disk I had a dual booting Vista/xp-configuration and third partition which contained mostly games and videos. I formatted both OS partitions with the tool from win XP install cd.

    Is it safe to add the old hard drive to my new computer or should I still do something to remove the threats completely? I would think that the partition which did not have boot sectors would be safe from rootkits and therefore possible infections should be found with normal virus scans.

    I'm also a bit concerned about the backups I made to the external hard disk. The backups contained mostly photographs but also some Word documents etc., but no executable files. Will it be safe to plug the external hard drive into my new computer and trust its cleanness after virus scanning?

    I'm getting overly paranoid over this since the virus was so hard to detect and I certainly do not wish to get infected again.

    Yours,
    Failsafe

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR



    If the hard drive was formatted and the OS reinstalled it should be ok


    As far as the external drive, you can scan it with Malwarebytes. Here is the download site along with instructions. After updating, run the FULL scan and make sure your external drive is attached and checked.



    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jul 2012
    Posts
    6

    Default

    The malwarebytes scan result on the external drive:

    ---clip---

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.05.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ylin päätösvalta :: BITTIMURSKAAJA [administrator]

    5.8.2012 16:39:02
    mbam-log-2012-08-05 (16-39-02).txt

    Scan type: Full scan (E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 271783
    Time elapsed: 7 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ---clip---

    No detections.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Read before you post and provide the logs asked for please

  5. #5
    Junior Member
    Join Date
    Jul 2012
    Posts
    6

    Default

    I'm sorry... I thought that the DDS/aswMBR logs would not be needed since the original system has been wiped...

    Here are the logs, thank you for your patience.

    DDS log:


  6. #6
    Junior Member
    Join Date
    Jul 2012
    Posts
    6

    Default

    aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-05 21:56:33
    -----------------------------
    21:56:33.777 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:56:33.777 Number of processors: 4 586 0x3A09
    21:56:33.778 ComputerName: BITTIMURSKAAJA UserName:
    21:56:33.917 Initialize success
    21:58:12.303 AVAST engine defs: 12080501
    21:58:46.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:58:46.314 Disk 0 Vendor: Corsair_ 5.02 Size: 114473MB BusType: 3
    21:58:46.316 Disk 1 \Device\Harddisk1\DR3 -> \Device\Ide\IAAStorageDevice-2
    21:58:46.319 Disk 1 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    21:58:46.323 Disk 0 MBR read successfully
    21:58:46.326 Disk 0 MBR scan
    21:58:46.373 Disk 0 Windows 7 default MBR code
    21:58:46.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    21:58:46.391 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    21:58:46.420 Disk 0 scanning C:\Windows\system32\drivers
    21:58:50.621 Service scanning
    21:59:01.517 Modules scanning
    21:59:01.526 Disk 0 trace - called modules:
    21:59:01.534 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    21:59:01.539 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d44790]
    21:59:01.545 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8006a44950]
    21:59:01.550 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006d43050]
    21:59:01.703 AVAST engine scan C:\Windows
    21:59:02.281 AVAST engine scan C:\Windows\system32
    22:00:22.917 AVAST engine scan C:\Windows\system32\drivers
    22:00:27.658 AVAST engine scan C:\Users\Ylin päätösvalta
    22:00:31.882 AVAST engine scan C:\ProgramData
    22:00:35.337 Scan finished successfully
    22:02:05.628 Disk 0 MBR has been saved successfully to "C:\Users\Mestari\Desktop\MBR.dat"
    22:02:05.631 The log file has been saved successfully to "C:\Users\Mestari\Desktop\aswMBR.txt"
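
The partition lines in the aswMBR log above are decoded from the disk's first sector. As an added example (not part of the original thread and not aswMBR's own code), this Python script decodes a 512-byte MBR dump such as the saved MBR.dat, prints its partition entries in a similar style, and flags boot code that differs from a baseline hash. The sample sector is constructed from the partition values in the log with filler boot code, and the baseline is assumed to be a hash you recorded from a known-good install.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot loader code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into a boot-code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        # Entry layout: status, 3 CHS bytes, type, 3 CHS bytes,
        # first LBA (little-endian u32), sector count (little-endian u32).
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        partitions.append({"slot": index + 1, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def describe(part):
    """Render one entry roughly the way the log above prints it."""
    active = " (A)" if part["status"] == 0x80 else ""
    name = TYPE_NAMES.get(part["type"], "unknown")
    return (f"Partition {part['slot']} {part['status']:02X}{active} "
            f"{part['type']:02X} {name} {part['size_mb']} MB "
            f"offset {part['lba_start']}")


def audit(mbr, baseline_sha256):
    """Return a list of findings; an empty list means nothing stood out."""
    findings = []
    if mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    parts = mbr["partitions"]
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(
                f"partitions {prev['slot']} and {cur['slot']} overlap")
    return findings


def build_sample_mbr():
    """Constructed sector: filler boot code plus the two partitions in the log."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes(i % 251 for i in range(BOOT_CODE_LEN))
    entries = [(0x80, 0x07, 2048, 204800),         # 100 MB, active
               (0x00, 0x07, 206848, 234231808)]    # 114371 MB
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]
    modified = bytearray(clean)
    modified[0x10] ^= 0xFF   # constructed change inside the boot code area
    for label, raw in (("clean", clean), ("modified", bytes(modified))):
        mbr = parse_mbr(raw)
        print(label)
        for part in mbr["partitions"]:
            print("  " + describe(part))
        print("  findings:", audit(mbr, baseline) or "none")
```

To use it on a real dump, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.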

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Malwarebytes found nothing on your external drive. The reason I asked for the other logs is that sometimes some people don't format and reinstall properly, doing a system repair instead. Your logs look fine, any issues?

  8. #8
    Junior Member
    Join Date
    Jul 2012
    Posts
    6

    Thumbs up

    The system runs fine and no issues observed.

    Thank you for your help and time! =)

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great




    Safe Surfn
    Ken

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
