
Some virus, can't get rid of..

Discussion in 'Virus & Other Malware Removal' started by Dar1a, Feb 23, 2013.

Thread Status:
Not open for further replies.
  1. Dar1a

    Dar1a Thread Starter

    Hello everyone!

    I really need assistance, as my laptop caught this virus, and no antivirus programs could catch it yet. I've tried a lot of them! I tried to follow some advice, but nothing helps, and I feel desperate.

    The behavior I've noticed is that once in a while, when I click some link (a regular one: YouTube video, IMs, etc.), an additional web page pops up and suggests a game to play or some surveys. I've collected all the log files that were asked for here, and I really hope to get some help!

    I appreciate your assistance in advance :)

    Hijack log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:03:18, on 23.02.2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\Downloads\HijackThis.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...page&toolbarid=adawaretb&v=2_5&u=___userid___
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Помощник по входу с помощью идентификатора Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    O4 - HKCU\..\Run: [Google Update] "C:\Users\1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: Dropbox.lnk = C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Служба Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\windows\SysWOW64\irstrtsv.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) - Unknown owner - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 11589 bytes



    -----------------------------------
    dds file


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by 1 at 20:04:20 on 2013-02-23
    Microsoft Windows 7 Домашняя базовая 6.1.7601.1.1251.7.1049.18.3878.618 [GMT 1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\windows\SysWOW64\irstrtsv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
    C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
    C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
    C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Users\1\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    C:\windows\system32\igfxsrvc.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=___userid___
    uDefault_Page_URL = hxxp://samsung.msn.com
    mStart Page = hxxp://samsung.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Помощник по входу с помощью идентификатора Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Google Update] "C:\Users\1\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
    StartupFolder: C:\Users\1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\1\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PUNTOS~1.LNK - C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 10.118.0.1 10.118.0.254
    TCP: Interfaces\{1F912C62-92D4-4E8E-960E-2999F1BADEC8} : DHCPNameServer = 10.118.0.1 10.118.0.254
    TCP: Interfaces\{C8B16822-A2BB-471C-8807-C50F3996061D}\84F64756C6F5B457A726163737 : DHCPNameServer = 192.168.2.100
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-5-10 92976]
    R0 gfibto;gfibto;C:\windows\System32\drivers\gfibto.sys [2013-2-15 14456]
    R0 iusb3hcs;Драйвер хост-контроллера и коммутатора Intel(R) USB 3.0;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-1 16152]
    R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-5-10 23344]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-10 13824]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-2-21 1014096]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-2-21 1104208]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-2-11 79664]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280]
    R2 irstrtsv;Intel(R) Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-5-10 193536]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-5-13 31624]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-10 363800]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
    R3 AMPPAL;Виртуальный адаптер Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-2-21 1304912]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-11-30 94720]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-30 747008]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-3-30 242512]
    R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-2-14 60928]
    R3 IntcDAud;Аудио Intel(R) для дисплеев;C:\windows\System32\drivers\IntcDAud.sys [2012-3-13 331264]
    R3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\windows\System32\drivers\irstrtdv.sys [2012-2-21 26504]
    R3 iusb3hub;Драйвер концентратора Intel(R) USB 3.0;C:\windows\System32\drivers\iusb3hub.sys [2012-2-1 355096]
    R3 iusb3xhc;Драйвер расширяемого хост-контроллера Intel(R) USB 3.0;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-1 786200]
    R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-10 648808]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AMPPALP;Протокол Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;C:\windows\System32\drivers\AmpPal.sys [2011-12-5 195584]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 gfiark;gfiark;C:\windows\System32\drivers\gfiark.sys [2013-2-16 38096]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-22 06:37:04 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{747B5304-2579-4407-8C16-68F047E4C063}\mpengine.dll
    2013-02-17 21:18:00 7168 ----a-w- C:\windows\SysWow64\drivers\utexnjuw.sys
    2013-02-17 11:07:58 -------- d-----w- C:\Users\1\Doctor Web
    2013-02-16 09:40:55 -------- d-----w- C:\Users\1\AppData\Local\ElevatedDiagnostics
    2013-02-16 01:13:48 38096 ----a-w- C:\windows\System32\drivers\gfiark.sys
    2013-02-15 21:37:49 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2013-02-15 21:30:12 -------- d-----w- C:\ProgramData\Search Protection
    2013-02-15 21:30:09 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-02-15 21:30:09 -------- d-----w- C:\ProgramData\adawaretb
    2013-02-15 21:30:08 -------- d-----w- C:\Users\1\AppData\Local\adawarebp
    2013-02-15 21:30:05 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-02-15 21:29:28 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-02-15 21:29:18 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-02-15 21:28:41 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2013-02-15 21:27:27 -------- d-----w- C:\ProgramData\Downloaded Installations
    2013-02-15 21:23:55 14456 ----a-w- C:\windows\System32\drivers\gfibto.sys
    2013-02-15 21:23:54 -------- d-----w- C:\Users\1\AppData\Roaming\LavasoftStatistics
    2013-02-15 21:23:31 -------- d-----w- C:\Users\1\AppData\Roaming\Ad-Aware Antivirus
    2013-02-15 19:56:50 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-02-15 19:56:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-02-15 19:55:31 -------- d-----w- C:\Users\1\AppData\Local\Programs
    2013-02-15 13:00:55 -------- d-----w- C:\windows\pss
    2013-02-15 10:14:11 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    2013-02-15 10:14:06 -------- d-----w- C:\ProgramData\IObit
    2013-02-15 10:13:52 -------- d-----w- C:\Users\1\AppData\Roaming\IObit
    2013-02-15 10:13:39 -------- d-----w- C:\Program Files (x86)\IObit
    2013-02-14 08:31:33 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 08:31:33 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-14 00:05:52 -------- d-----r- C:\Backup
    2013-02-14 00:02:31 85048 ----a-w- C:\windows\System32\drivers\CSCrySec.sys
    2013-02-14 00:02:31 66104 ----a-w- C:\windows\System32\drivers\CSVirtualDiskDrv.sys
    2013-02-12 22:36:58 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-02-12 22:36:56 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-02-12 22:36:56 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-02-12 22:36:49 3153408 ----a-w- C:\windows\System32\win32k.sys
    2013-02-12 22:36:49 215040 ----a-w- C:\windows\System32\winsrv.dll
    2013-02-12 22:36:48 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-02-12 22:36:48 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-02-12 22:36:48 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-02-12 22:36:48 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-02-12 22:36:48 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-02-12 22:36:47 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
    2013-02-12 22:36:47 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2013-01-17 00:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe
    2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 20:04:38,77 ===============


    --------------------------------------------------------
    attach file

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Домашняя базовая
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20.08.2012 8:46:05
    System Uptime: 23.02.2013 19:27:00 (1 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 530U3C/530U4C
    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz | CPU Socket - U3E1 | 799/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 445 GiB total, 328,598 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP65: 16.02.2013 14:28:04 - Запланированная контрольная точка
    RP66: 17.02.2013 23:23:26 - Removed Ad-Aware Antivirus.
    RP67: 19.02.2013 8:47:47 - Центр обновления Windows
    RP68: 23.02.2013 15:32:55 - restore point 23.02
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ??????????? ??? Windows Live
    Фотоальбом Windows Live
    Фотогалерея на Windows Live
    µTorrent
    ПО Intel® PROSet/Wireless WiFi
    Почта Windows Live
    Поддержка программ Apple
    Основные компоненты Windows Live
    Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS
    7-Zip 9.20
    Absolute Reminder
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.5)
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bonjour
    calibre 64bit
    CCleaner
    CyberLink YouCam
    D3DX10
    Dropbox
    E-POP
    Easy File Share
    Easy Settings
    Easy Software Manager
    Easy Support Center
    ETDWare PS/2-X64 10.7.13.1_WHQL
    ExpressCache
    Fast Flash Sleep Resume
    Fotogalerija Windows Live
    Galeria de Fotografias do Windows Live
    Galeria fotografica de Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Google Chrome
    Intel PROSet Wireless
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    Intel(R) Rapid Start Technology
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel(R) WiDi
    Intel(R) Wireless Display
    Intel® Trusted Connect Service Client
    iTunes
    Junk Mail filter update
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile RUS Language Pack
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Starter 2010 - русский
    Microsoft Office нажми и работай 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    Multimedia POP
    Norton Online Backup
    OpenOffice.org 3.4.1
    Oracle VM VirtualBox 4.2.0
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Posta Windows Live
    Punto Switcher 3.2.8
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Samsung Recovery Solution 5
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Skype™ 5.10
    Software Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    User Guide
    WildTangent Games
    Windows Live
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Foto-galerija
    Windows Live fotoattelu galerija
    Windows Live Fotogaleria
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotograf Galerisi
    Windows Live Fototar
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Posta
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parcalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyokalu
    Windows Liven sahkoposti
    Windows Liven valokuvavalikoima
    „Windows Live Essentials“
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    .
    ==== End Of File ===========================



    -----------------------------------
    gmer file


    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-23 20:01:51
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.GG2O 465,76GB
    Running: gmer.exe; Driver: C:\Users\1\AppData\Local\Temp\pxldqpoc.sys


    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:4708] 000007fefbd42a7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4976:4960] 000007fef9385124

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]#\4A\4B\[email protected]\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\[email protected]\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]#\4A\4B\[email protected]\4>\49\4A\4B\0042\0040\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0;\48\4G\4=\4>\49\4 \0A\0045\4B\48\4) 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]\20\0044\0040\4?\4B\0045\[email protected]\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?3?4?5?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\[email protected]\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{93917AF0-AED1-44A9-9F2F-D334187FD326}\[email protected] isatap.{244A152A-E693-40F0-87E0-60F7E4127380}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\{E302E4E3-BB92-4008-B739-BA8E86872BDA}?\Device\{AC836A8E-6E6B-47C2-B34C-A192A289CC29}?\Device\{08D3969C-F217-4A4C-B160-B1242FBE44B9}?\Device\{24D4DACC-13AF-4468-A992-1C6FE0810215}?\Device\{93917AF0-AED1-44A9-9F2F-D334187FD326}?\Device\{D9FA9968-3C2F-42EF-BD7D-7EE9031EA056}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] "{E302E4E3-BB92-4008-B739-BA8E86872BDA}"?"{AC836A8E-6E6B-47C2-B34C-A192A289CC29}"?"{08D3969C-F217-4A4C-B160-B1242FBE44B9}"?"{24D4DACC-13AF-4468-A992-1C6FE0810215}"?"{93917AF0-AED1-44A9-9F2F-D334187FD326}"?"{D9FA9968-3C2F-42EF-BD7D-7EE9031EA056}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\[email protected] \Device\TCPIP6TUNNEL_{E302E4E3-BB92-4008-B739-BA8E86872BDA}?\Device\TCPIP6TUNNEL_{AC836A8E-6E6B-47C2-B34C-A192A289CC29}?\Device\TCPIP6TUNNEL_{08D3969C-F217-4A4C-B160-B1242FBE44B9}?\Device\TCPIP6TUNNEL_{24D4DACC-13AF-4468-A992-1C6FE0810215}?\Device\TCPIP6TUNNEL_{93917AF0-AED1-44A9-9F2F-D334187FD326}?\Device\TCPIP6TUNNEL_{D9FA9968-3C2F-42EF-BD7D-7EE9031EA056}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\44850005363c
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c48508012fd8
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850801bddb
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850801e59f
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c4850823c485
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{08D3969C-F217-4A4C-B160-B1242FBE44B9}@InterfaceName isatap.{5892DBED-8A45-4D0C-9150-349054445103}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{08D3969C-F217-4A4C-B160-B1242FBE44B9}@ReusableType 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{93917AF0-AED1-44A9-9F2F-D334187FD326}@InterfaceName isatap.{244A152A-E693-40F0-87E0-60F7E4127380}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{93917AF0-AED1-44A9-9F2F-D334187FD326}@ReusableType 0
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]#\4A\4B\[email protected]\4>\49\4A\4B\0042\4>\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0?\[email protected]\4>\4B\4>\4:\4>\4;\4 \0R\0F\0C\0O\0M\0M\0 \0T\0D\0I\0) 1?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]#\4A\4B\[email protected]\4>\49\4A\4B\0042\0040\4 \0B\0l\0u\0e\0t\0o\0o\0t\0h\0 \0(\0;\48\4G\4=\4>\49\4 \0A\0045\4B\48\4) 1?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]\20\0044\0040\4?\4B\0045\[email protected]\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0I\0S\0A\0T\0A\0P 1?2?3?4?5?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\[email protected]"\4C\4=\4=\0045\4;\4L\4=\4K\49\4 \0000\0044\0040\4?\4B\0045\[email protected]\4 \0M\0i\0c\0r\0o\0s\0o\0f\0t\0 \0T\0e\0r\0e\0d\0o 1?
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\44850005363c (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c48508012fd8 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850801bddb (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850801e59f (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c4850823c485 (not active ControlSet)

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----


    Best regards, Daria
     

Short URL to this thread: https://techguy.org/1090715
