Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help needed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help needed

Unread postby durden83 » October 11th, 2012, 10:32 am

Hi,
I noticed some strange programs behaviours on my Pc. Sometimes they run without me giving commands, or they stop working...
This is my DDs log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Daniele at 13:25:50 on 2012-10-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4092.2034 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Daniele\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Users\Daniele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109986 ... 22688f2702
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Guida per l'accesso a Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Daniele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge]
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF091CE3-5C51-410C-8B83-001318138050} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DF091CE3-5C51-410C-8B83-001318138050}\C696E6B6379737 : DhcpNameServer = 192.168.0.11 192.168.0.190
TCP: Interfaces\{F0614F53-470D-4844-9F16-17940AB5374E} : DhcpNameServer = 192.168.0.11 192.168.0.190
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{E33CF602-D945-461A-83F0-819F76A199F8}
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Predefinito)]
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Servizio Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-28 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servizio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-10 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 gupdatem;Servizio Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-10 116648]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-10-08 10:36:30 -------- d-----w- C:\Users\Daniele\AppData\Local\{D56D344E-B35D-4332-B4B6-C0A7B9121875}
2012-10-08 10:17:36 -------- d-----w- C:\Users\Daniele\AppData\Local\{727CC052-E444-438A-A887-ED9A8D5BC171}
2012-10-08 02:13:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9739F3D0-693D-4218-891D-75542C8D5C51}\offreg.dll
2012-10-07 17:55:19 -------- d-----w- C:\Users\Daniele\AppData\Local\{58DF81FF-2143-44BE-8CD5-3AB5FB51CA57}
2012-10-06 15:51:32 -------- d-----w- C:\Users\Daniele\AppData\Local\{C49D85D5-EEE4-44FE-B7AA-78E93F0212EA}
2012-10-05 23:30:22 -------- d-----w- C:\Users\Daniele\AppData\Local\{AB7B4B32-BF52-4501-9736-7073C18B096C}
2012-10-05 10:45:36 -------- d-----w- C:\Users\Daniele\AppData\Local\{D362C4B2-63F4-45B6-B0FD-8A017548C7A8}
2012-10-05 10:43:13 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9739F3D0-693D-4218-891D-75542C8D5C51}\mpengine.dll
2012-10-04 13:18:31 -------- d-----w- C:\Users\Daniele\AppData\Local\{5D26B4CA-28EA-4F54-AB88-42C23B2EE2C2}
2012-10-03 12:50:28 -------- d-----w- C:\Users\Daniele\AppData\Local\{803D7A1E-BE76-47E1-B09C-5610F8B323AF}
2012-10-02 22:17:55 -------- d-----w- C:\Users\Daniele\AppData\Local\{81880A0F-7EE7-4D46-8813-2C1EC2007EAE}
2012-10-02 12:31:52 -------- d-----w- C:\Users\Daniele\AppData\Local\{4FA4CAF4-DFC1-458B-A1FB-2FD174D80781}
2012-10-01 13:25:42 -------- d-----w- C:\Users\Daniele\AppData\Local\{117D0D45-1890-4A74-A7D9-471EEC4CF3FD}
2012-09-30 14:49:26 -------- d-----w- C:\Users\Daniele\AppData\Local\{6026E1B2-F00D-4AAF-8754-CCE6A152D3C4}
2012-09-30 02:48:56 -------- d-----w- C:\Users\Daniele\AppData\Local\{18D63E0D-294E-478B-8889-F1C973F007D1}
2012-09-29 13:38:58 -------- d-----w- C:\Users\Daniele\AppData\Local\{B65EDF60-F82E-4A6D-B966-D7C15A775867}
2012-09-28 14:06:33 -------- d-----w- C:\Users\Daniele\AppData\Local\{16D291B1-0A19-459E-A654-3EC80CD31A2F}
2012-09-28 02:06:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{845E25E9-5CB4-4D2A-BFB6-4D0368CCA3D4}
2012-09-27 13:01:21 -------- d-----w- C:\Users\Daniele\AppData\Local\{F63EF44B-10D2-4C30-AFF7-0C91220C5B0C}
2012-09-26 15:06:27 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 06:45:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{5713AB65-5A06-4FAA-BD97-EEE2E6341B7E}
2012-09-24 12:59:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{7997DFE4-5485-428D-B013-99A0E382D738}
2012-09-24 00:58:39 -------- d-----w- C:\Users\Daniele\AppData\Local\{24F4DB28-28E1-491A-9E08-4AE3DE3D17CA}
2012-09-22 00:27:23 -------- d-----w- C:\Users\Daniele\AppData\Local\{0F3A613A-A573-4D8D-8A59-593DA875C2FF}
2012-09-21 11:56:18 -------- d-----w- C:\Users\Daniele\AppData\Local\{438A6DFC-77C7-4B74-B3D3-671D85AAF4CB}
2012-09-20 07:51:44 -------- d-----w- C:\Users\Daniele\AppData\Local\{C504D3BC-4D51-440F-9B4E-CFA4641D4E25}
2012-09-19 15:48:47 -------- d-----w- C:\Users\Daniele\AppData\Local\{A20B6B6C-9C60-4D99-A2A7-6956307CFDA6}
2012-09-19 00:13:35 -------- d-----w- C:\Users\Daniele\AppData\Local\{9DB3E3CA-E578-4AE0-BB77-039DBD7718EA}
2012-09-18 23:56:38 -------- d-----w- C:\Users\Daniele\AppData\Local\{AB42241C-0729-46CD-846D-5715142D43D6}
2012-09-18 06:58:06 -------- d-----w- C:\Users\Daniele\AppData\Local\{54F2F412-23BA-4F14-B808-2AE508C13687}
2012-09-17 11:18:41 -------- d-----w- C:\Users\Daniele\AppData\Local\{83477EE6-40AB-4F8D-8F78-9767634B24D4}
2012-09-16 15:07:20 -------- d-----w- C:\Users\Daniele\AppData\Local\{422D1CBF-CCB2-470F-88F9-9DBE032E98D0}
2012-09-16 01:52:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{B73854F2-2D7A-4A71-B26E-B68172EC2BA0}
2012-09-15 13:50:09 -------- d-----w- C:\Users\Daniele\AppData\Local\{64FCC32D-802E-4A3A-A29E-E6BECE2F65DC}
2012-09-15 01:48:02 -------- d-----w- C:\Users\Daniele\AppData\Local\{141AB4F4-1903-4068-8064-61287AA8C773}
2012-09-14 13:33:03 -------- d-----w- C:\Users\Daniele\AppData\Local\{4071762A-25BE-406E-AE33-AF4CCF016ACC}
2012-09-14 01:32:31 -------- d-----w- C:\Users\Daniele\AppData\Local\{DCAD3E2F-79A4-47A5-9C59-058ABDEFA176}
2012-09-13 11:24:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{66327CE4-A043-4013-94C7-CED9A749EE08}
2012-09-12 21:46:21 -------- d-----w- C:\Users\Daniele\AppData\Local\{5DA63BEC-EAA3-4DCE-9160-35D9D211DB9F}
2012-09-12 11:58:34 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 11:58:33 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 11:58:32 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 11:58:32 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 11:58:31 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 11:58:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 11:58:30 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 09:45:55 -------- d-----w- C:\Users\Daniele\AppData\Local\{48F72BFE-0484-429C-829F-B12C4CB2BC02}
2012-09-11 19:21:08 -------- d-----w- C:\Users\Daniele\AppData\Local\{1AF01E2C-503B-43C0-A21D-EFF0F4008240}
2012-09-11 07:01:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{388EA1DA-D5EE-4DAB-BBB3-3A6A042A5DDB}
2012-09-10 12:43:07 -------- d-----w- C:\Users\Daniele\AppData\Local\{06603441-FED8-4620-8643-BCF3E5623046}
2012-09-10 00:41:46 -------- d-----w- C:\Users\Daniele\AppData\Local\{02BFBC87-EEBF-43EB-969E-569A80AEA5BE}
2012-09-09 03:55:47 -------- d-----w- C:\Users\Daniele\AppData\Local\{7ED3ACD2-2480-4C31-A665-9BD5732762B8}
2012-09-08 15:55:17 -------- d-----w- C:\Users\Daniele\AppData\Local\{236EFA7E-1689-4664-8A73-08B64FBDD19C}
2012-09-08 15:15:45 -------- d-----w- C:\Users\Daniele\AppData\Local\{7F3E8A32-D213-404E-AEFC-F7C051359207}
.
==================== Find3M ====================
.
2012-08-28 18:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:26:59,33 ===============
durden83
Regular Member
 
Posts: 44
Joined: October 3rd, 2011, 9:19 am
Advertisement
Register to Remove

Re: Help needed

Unread postby Cypher » October 11th, 2012, 12:40 pm

Duplicate topic
This topic is a duplicate of the original post...the original topic, will be left open.


This topic has been closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware