Results 1 to 10 of 38

Thread: I have a rootkit problem PLEASE HELP

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Exclamation I have a rootkit problem PLEASE HELP

    i am sory if the topic is irrelevent with there or opened somewhere before me.Yesterday i was searching my computer for rootkits and program found a invisible folder and i deleted it then i searched the computer again for rootkits and it found the folder again. I seached computer 3-4 times and deleted same folder/file everytime but it still find that folder for my every search. would please someone help me for this problem ?

    Ads?z.jpg


    Edit

    "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)
    Last edited by tashi; 2014-04-06 at 17:57. Reason: Added link to FAQ

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please back up your registry!

    • Download ERUNT The Emergency Recovery Utility NT Registry Backup and Restore for Windows NT/2000/2003/XP/Vista

    NOTE: Installing ERUNT may also install the "registry optimization tool" "NTREGOPT" by default. Please do NOT run NTREGOPT.

    • Save ERUNT to your desktop. Run and install this program.
    • In the box that opens ONLY choose "System registry"
    • Click OK.
    • Click save and then go to File > Exit.

    This is so the registry can be restored to this point if we need it.

    If you cannot use ERUNT or it doesn't support your operating system please let us know in your first post which should include the
    DDS and aswMBR logs so the responder can link you to a different backup utility.

    Instruction for producing the DDS and aswMBR logs

    DDS Log


    Download to your desktop DDS from one of the links below:

    Link 1
    Link 2

    • Double click the tool to run it.
    • If a black Screen opens, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


    aswMBR Log

    Important! Please do not perform any fix options offered in aswMBR

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the DDS logs.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Default

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521
    Run by ESMEN at 17:22:41 on 2014-04-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1033.18.4095.1545 [GMT 3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.bing.com
    uSearch Bar = www.bing.com
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    mWinlogon: Userinit = userinit.exe
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\ESMEN\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\ESMEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Bütün Bağlantıları IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: IDM ile İndir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : NameServer = 213.74.0.1,213.74.1.1
    TCP: Interfaces\{B9241E59-CE1F-4AE9-A4C9-D798E8DE8C47} : DHCPNameServer = 192.168.1.1 0.0.0.0
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-4-6 445304]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-28 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-28 208928]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-28 28184]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-28 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-28 423240]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-28 79184]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-6 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-6 109048]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-5 175480]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-4-5 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-4-5 1042272]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-4-5 171416]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-12-8 27768]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-28 84816]
    R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-12-8 2210376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-7 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-9 1255736]
    SUnknown tsusbhub;tsusbhub; [x]
    .
    =============== Created Last 30 ================
    .
    2014-04-06 11:03:49 43152 ----a-w- C:\Windows\avastSS.scr
    2014-04-06 11:03:38 445304 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
    2014-04-06 10:49:56 -------- d-----w- C:\Windows\jumpshot.com
    2014-04-05 16:40:06 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
    2014-04-05 16:39:59 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-04-05 16:39:31 -------- d-----w- C:\Users\ESMEN\AppData\Local\Programs
    2014-04-04 18:47:21 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
    2014-04-04 09:31:45 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F07518CE-61E8-4777-862B-43057141AABF}\mpengine.dll
    2014-03-27 16:21:50 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\The Creative Assembly
    2014-03-27 16:04:40 -------- d-----w- C:\Program Files (x86)\Napoleon Total War
    2014-03-12 19:35:49 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-03-12 19:35:21 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-03-12 19:35:21 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-03-12 19:32:32 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-03-12 19:32:32 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-03-12 19:32:04 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-03-12 19:32:04 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-03-09 11:08:49 -------- d-----r- C:\Users\ESMEN\Dropbox
    2014-03-09 11:07:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\DropboxMaster
    2014-03-09 11:06:58 -------- d-----w- C:\Users\ESMEN\AppData\Roaming\Dropbox
    .
    ==================== Find3M ====================
    .
    2014-04-06 11:03:50 84816 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-04-06 11:03:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-04-06 11:03:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-04-06 11:03:50 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-04-06 11:03:50 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-04-06 11:03:49 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-04-06 11:03:42 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2014-03-14 07:30:04 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-14 07:30:04 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-19 17:09:47 419840 ----a-w- C:\Windows\System32\systemcpl.dll
    2014-02-19 17:09:47 14848 ----a-w- C:\Windows\System32\slwga.dll
    2014-02-19 17:09:47 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-09 02:22:42 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    .
    ============= FINISH: 17:23:01,06 ===============
    Attached Files Attached Files

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    aswMBR Log?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Aug 2013
    Posts
    23

    Default

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-04-06 19:02:03
    -----------------------------
    19:02:03.848 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:02:03.848 Number of processors: 4 586 0x170A
    19:02:03.849 ComputerName: ESMEN-PC UserName: ESMEN
    19:02:05.079 Initialize success
    19:02:08.291 AVAST engine defs: 14040600
    19:02:10.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    19:02:10.613 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
    19:02:10.680 Disk 0 MBR read successfully
    19:02:10.682 Disk 0 MBR scan
    19:02:10.686 Disk 0 Windows 7 default MBR code
    19:02:10.697 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1024 MB offset 2048
    19:02:10.711 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 251299 MB offset 2099200
    19:02:10.733 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 224615 MB offset 516759552
    19:02:10.772 Disk 0 scanning C:\Windows\system32\drivers
    19:02:19.015 Service scanning
    19:02:33.578 Modules scanning
    19:02:33.586 Disk 0 trace - called modules:
    19:02:33.599 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    19:02:33.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a44060]
    19:02:33.611 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80047cf520]
    19:02:33.618 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80047d0680]
    19:02:34.918 AVAST engine scan C:\Windows
    19:02:36.417 AVAST engine scan C:\Windows\system32
    19:05:33.396 AVAST engine scan C:\Windows\system32\drivers
    19:05:56.830 AVAST engine scan C:\Users\ESMEN
    19:10:42.535 AVAST engine scan C:\ProgramData
    19:11:05.305 Scan finished successfully
    19:11:39.490 Disk 0 MBR has been saved successfully to "C:\Users\ESMEN\Desktop\MBR.dat"
    19:11:39.496 The log file has been saved successfully to "C:\Users\ESMEN\Desktop\aswMBR.txt"

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    ********************

    Please download Farbar Recovery Scan Tool

    (use correct version for your system.....Which system am I using?)
    and Tutorial http://www.geekstogo.com/forum/topic...ery-scan-tool/



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •