Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

SASA and Obrona Virus (Windows 7)

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

SASA and Obrona Virus (Windows 7)

Unread postby Lytn » February 11th, 2015, 11:34 pm

Hi! My computer has been infected for several months and im in need of help! :(

ADDITIONAL INFO:
I have a bootcamped mac. So, I am running windows 7 OS on a Mac; but, I have a separate hard drive on my different OS's

LOGS:

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by Layton at 19:21:15 on 2015-02-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8131.4532 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Layton\AppData\Local\Temp\nsmB146.tmp\PEV.DAT
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = http://www.google.com
uProxyServer = hxxp=127.0.0.1:9880;https=127.0.0.1:9880
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [GoogleChromeAutoLaunch_EE792AE7BDAB1C7CE592FEF3B4C9ADC5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Layton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{1871E57E-CF79-47E6-97E3-33EF09FBE47C} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{1871E57E-CF79-47E6-97E3-33EF09FBE47C}\3456E647572797C496E6B603738393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1871E57E-CF79-47E6-97E3-33EF09FBE47C}\3456E647572797C496E6B613333313 : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AppleHFS;AppleHFS;C:\Windows\System32\drivers\AppleHFS.sys [2013-1-16 73016]
R0 AppleMNT;AppleMNT;C:\Windows\System32\drivers\AppleMNT.sys [2013-1-16 16696]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2015-1-14 449936]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-14 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-14 267632]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-17 20024]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2015-1-14 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-14 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-14 436624]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\System32\AppleOSSMgr.exe [2013-1-16 226144]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\System32\AppleTimeSrv.exe [2013-1-16 94560]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-14 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-14 87912]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-1-14 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-14 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-1-14 104416]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2015-2-11 53832]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-23 1148744]
R2 KeyAgent;KeyAgent;C:\Windows\System32\drivers\KeyAgent.sys [2013-1-16 18232]
R2 MacHALDriver;Mac HAL;C:\Windows\System32\drivers\MacHALDriver.sys [2013-1-16 23352]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-23 1706312]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-23 21833544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-23 410768]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-1-17 363800]
R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-13 9728]
R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\AppleBtBc.sys [2014-1-16 20480]
R3 applewtp;Apple Wireless Trackpad;C:\Windows\System32\drivers\applewtp.sys [2014-1-17 53760]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-1-14 4012248]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2014-1-17 70744]
R3 CirrusFilter;CS420xLowerFilter;C:\Windows\System32\drivers\CS420x64.sys [2014-1-17 18432]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-17 358456]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-17 791608]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\System32\drivers\KeyMagic.sys [2014-1-17 29696]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-23 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-23 38032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LaireledAurus;LaireledAurus;C:\Program Files (x86)\LaireledAurus\LaireledAurus.exe [2014-10-21 4383192]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2015-1-19 813440]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-10 114688]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-9-26 1903472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-17 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-19 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-19 1255736]
.
=============== Created Last 30 ================
.
2015-02-12 03:19:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2CC3EFBA-B197-4763-BE42-8470E5A18384}\offreg.dll
2015-02-12 03:12:52 -------- d-sh--w- C:\$RECYCLE.BIN
2015-02-11 23:22:28 -------- d-----w- C:\Program Files\LSoft Technologies
2015-02-11 22:51:06 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2015-02-11 04:34:03 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-11 04:34:03 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-11 04:34:03 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-11 04:34:03 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-11 04:34:03 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-02-11 04:34:03 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-02-11 04:34:02 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-11 04:34:02 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-11 04:30:09 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-11 04:30:09 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-02-11 04:28:52 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-02-11 04:28:52 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-02-11 04:28:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-11 04:28:25 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-11 04:28:24 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-11 04:28:22 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-11 04:28:22 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-11 04:28:22 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-11 04:28:22 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-11 04:27:23 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-02-11 04:26:47 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2CC3EFBA-B197-4763-BE42-8470E5A18384}\mpengine.dll
2015-02-07 23:33:03 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2015-01-19 22:03:44 -------- d-----w- C:\Program Files (x86)\Common Files\BattlEye
2015-01-17 17:22:51 -------- d-----w- C:\Crash
2015-01-15 11:05:35 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-01-15 11:05:34 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-15 11:05:34 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-15 11:05:33 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-15 11:05:33 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-15 11:05:33 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-15 03:11:51 -------- d-----w- C:\Users\Layton\AppData\Roaming\AVAST Software
2015-01-15 03:07:58 -------- d-----w- C:\Windows\SysWow64\vbox
2015-01-15 03:07:58 -------- d-----w- C:\Windows\System32\vbox
2015-01-15 03:05:37 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-01-15 03:05:37 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-01-15 03:05:35 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-01-15 03:05:32 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2015-01-15 03:05:29 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-01-15 03:05:28 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-01-15 03:05:22 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-01-15 03:05:21 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2015-01-15 03:04:58 43152 ----a-w- C:\Windows\avastSS.scr
2015-01-15 03:04:45 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2015-01-15 02:59:23 -------- d-----w- C:\Program Files\AVAST Software
2015-01-15 02:57:57 -------- d-----w- C:\ProgramData\AVAST Software
2015-01-15 02:24:04 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2015-02-07 23:33:33 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2015-02-07 23:33:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2015-01-16 06:41:34 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-01-16 06:41:34 1278920 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-01-16 06:41:18 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-01-16 06:41:18 1514528 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:33:52 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-01-12 02:32:57 6041088 ----a-w- C:\Windows\System32\jscript9.dll
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:55:00 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:29:46 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-08 17:55:52 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-13 08:03:15 6859408 ----a-w- C:\Windows\System32\nvcpl.dll
2014-12-13 08:03:15 3513488 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-12-13 08:03:13 935240 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-13 08:03:13 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-12-13 08:03:13 386368 ----a-w- C:\Windows\System32\nvmctray.dll
2014-12-13 08:03:13 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-12-13 00:47:38 620176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-12-12 23:11:01 4151176 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-11-26 03:53:59 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-26 03:32:05 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-22 10:46:30 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-11-22 10:46:30 35472 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-11-22 10:46:30 32400 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
============= FINISH: 19:21:33.59 ===============

attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume4
Install Date: 1/17/2014 7:33:28 PM
System Uptime: 2/11/2015 7:11:23 PM (0 hours ago)
.
Motherboard: Apple Inc. | | Mac-00BE6ED71E35EB86
Processor: Intel(R) Core(TM) i5-3330S CPU @ 2.70GHz | U2E1 | 2701/25mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 123.942 GiB free.
D: is FIXED (HFS) - 465 GiB total, 313.008 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP148: 1/5/2015 4:07:43 PM - Scheduled Checkpoint
RP149: 1/6/2015 5:15:59 AM - Windows Update
RP150: 1/14/2015 3:00:55 PM - Windows Update
RP151: 1/14/2015 6:58:54 PM - avast! antivirus system restore point
RP152: 1/14/2015 7:06:50 PM - Device Driver Package Install: Avast Network Service
RP153: 1/15/2015 3:00:13 AM - Windows Update
RP154: 1/16/2015 3:00:12 AM - Windows Update
RP155: 1/21/2015 3:30:43 PM - Windows Update
RP156: 1/21/2015 3:44:54 PM - Windows Backup
RP157: 1/25/2015 7:00:12 PM - Windows Backup
RP158: 1/28/2015 9:32:29 PM - Windows Update
RP159: 2/1/2015 7:00:07 PM - Windows Backup
RP160: 2/3/2015 7:54:09 AM - Windows Backup
RP161: 2/3/2015 7:55:11 AM - Windows Update
RP162: 2/5/2015 10:04:55 AM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP163: 2/5/2015 10:06:30 AM - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
RP164: 2/5/2015 10:07:45 AM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP165: 2/5/2015 10:08:30 AM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
RP166: 2/7/2015 3:29:41 PM - Installed DirectX
RP167: 2/7/2015 3:32:39 PM - Installed NVIDIA PhysX
RP168: 2/7/2015 3:34:25 PM - Installed NVIDIA PhysX
RP169: 2/8/2015 7:00:11 PM - Windows Backup
RP170: 2/10/2015 8:10:33 PM - Removed Java 8 Update 31
RP171: 2/10/2015 8:13:55 PM - Removed Java 8 Update 31
RP172: 2/10/2015 8:26:12 PM - Windows Update
RP173: 2/11/2015 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
Active@ KillDisk 9.1
Adobe Creative Cloud
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin’s Creed Unity
Avast Premier
BattlEye Uninstall
Bonjour
Boot Camp Services
Counter-Strike: Global Offensive
DayZ
Dishonored
Fistful of Frags
Garry's Mod
Google Chrome
Google Update Helper
H1Z1
Insurgency
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
iTunes
Microsoft .NET Framework 4.5.1
Microsoft ASP.NET MVC 4 Runtime
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MyPC Backup
NVIDIA 3D Vision Controller Driver 347.09
NVIDIA 3D Vision Driver 347.09
NVIDIA Control Panel 347.09
NVIDIA GeForce Experience 2.2.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.09
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 17.12.8
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 17.12.8
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
Origin
Overwolf.Setup.VC100CRTx64.Dist
PAYDAY 2
PlanetSide 2
PunkBuster Services
Robocraft
Rust
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
SimCity™
Sir, You Are Being Hunted
Skype Click to Call
Skype™ 6.21
SlimCleaner
Steam
Team Fortress 2
TeamSpeak 3 Client
Tom Clancy's Ghost Recon Phantoms - NA
Tomb Raider
Unity Web Player
Unturned
Uplay
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
Windows Driver Package - Apple Inc. Apple Keyboard (10/29/2012 5.0.3.0)
Windows Driver Package - Apple Inc. Apple Multitouch (09/11/2012 4.0.3.0)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
Windows Driver Package - Apple Inc. Apple System Device (08/28/2012 5.0.0.0)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (11/09/2012 6.6001.1.38)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA (07/03/2012 1.3.18.0)
.
==== Event Viewer Messages From Past Week ========
.
2/11/2015 7:14:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
2/11/2015 7:14:06 PM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2015 7:14:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
2/11/2015 7:13:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/11/2015 7:13:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/11/2015 7:12:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LaireledAurus service to connect.
2/11/2015 7:12:59 PM, Error: Service Control Manager [7000] - The LaireledAurus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2015 3:06:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
2/11/2015 3:05:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
Lytn
Active Member
 
Posts: 1
Joined: February 11th, 2015, 10:18 pm
Advertisement
Register to Remove

Re: SASA and Obrona Virus (Windows 7)

Unread postby Gary R » February 13th, 2015, 2:17 am

I'm sorry, but we do not support Macs here at MWR, we only work on Windows machines.

If you're having problems with a Mac, then the following sites offer Mac support ....

http://www.bleepingcomputer.com/forums/f/172/mac-os/
http://www.geekstogo.com/forum/forum/176-apple-osx/
http://www.geekstogo.com/forum/forum/169-apple-ios/
http://www.techsupportforum.com/forums/f65/

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware