Quantized

Everything posted by Quantized
Command Process Virus (Ramnit.A)
Quantized replied to Quantized's topic in Resolved Malware Removal Logs
Hey Maurice, Here is the ComboFix log, I ran it in normal Windows mode. The problem still persists.

ComboFix 12-07-11.02 - Sam 11/07/2012 20:41:17.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3894.2906 [GMT 9.5:30]
Running from: c:\users\Sam\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Sam\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam\AppData\Local\sqjwtlxb
c:\users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 11:19 . 2012-07-11 11:19 -------- d-----w- c:\users\Sam\AppData\Local\sqjwtlxb
2012-07-11 11:17 . 2012-07-11 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 00:13 . 2012-07-01 00:13 -------- d-----w- c:\program files (x86)\ESET
2012-06-30 03:31 . 2012-06-30 03:31 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2012-06-30 03:31 . 2012-06-30 03:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-30 03:31 . 2012-06-30 03:31 -------- d-----w- c:\programdata\Malwarebytes
2012-06-30 03:31 . 2012-04-04 06:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 01:07 . 2012-06-30 02:30 -------- d-----w- c:\program files (x86)\Diablo III
2012-06-30 01:07 . 2012-06-30 01:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-06-30 01:07 . 2012-06-30 01:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-30 01:06 . 2012-06-30 01:06 -------- d-----w- c:\programdata\Battle.net
2012-06-29 11:50 . 2012-06-29 11:50 -------- d-----w- c:\programdata\ATI
2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\programdata\AMD
2012-06-29 11:45 .
2012-06-29 11:45 -------- d-----w- c:\program files (x86)\AMD AVT 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files (x86)\AMD APP 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-06-29 11:23 . 2012-06-29 11:25 -------- d-----w- c:\users\Sam\AppData\Local\Ubisoft Game Launcher 2012-06-29 11:23 . 2012-06-29 13:11 -------- d-----w- c:\users\Sam\AppData\Roaming\Might & Magic Heroes VI . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-10 08:28 . 2012-04-06 15:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-10 08:28 . 2012-04-06 15:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 05:25 . 2012-04-15 11:25 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-01_00.05.35 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-21 21:01 . 2012-07-11 11:09 25548 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-11 11:09 27700 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-20 22:27 . 2012-07-05 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-20 22:27 . 2012-06-30 23:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-03-20 22:27 . 2012-07-05 07:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-20 22:27 . 2012-06-30 23:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 
2012-07-05 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-30 23:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 03:00 . 2012-07-11 11:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-21 03:00 . 2012-06-30 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-07-01 02:41 78432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-03-21 03:00 . 2012-07-11 11:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-21 03:00 . 2012-06-30 06:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-03-21 03:00 . 2012-07-11 11:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-21 03:00 . 2012-06-30 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-21 03:00 . 2012-06-30 06:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-03-21 03:00 . 2012-07-11 11:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-03-21 03:00 . 2012-07-11 11:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-03-21 03:00 . 2012-06-30 06:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 02:56 . 
2012-07-11 11:09 8524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1923409006-194560733-4056756558-1000_UserData.bin - 2012-07-01 00:05 . 2012-07-01 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-11 11:18 . 2012-07-11 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-11 11:18 . 2012-07-11 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-01 00:05 . 2012-07-01 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2012-07-11 11:15 619642 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-11 11:15 107792 c:\windows\system32\perfc009.dat - 2012-06-30 04:35 . 2012-06-30 07:04 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-06-30 04:35 . 2012-07-09 16:34 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-30 23:51 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-11 11:17 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:45 . 2012-07-01 00:07 3837324 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-27 01:17 3837324 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2012-03-21 21:18 . 2012-06-30 23:51 38127924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1923409006-194560733-4056756558-1000-8192.dat + 2012-03-21 21:18 . 2012-07-11 11:17 38127924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1923409006-194560733-4056756558-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-23 1242448] "BwbJhohs"="c:\users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe" [2012-06-30 93708] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] . 
c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ bwbjhohs.exe [2012-6-30 93708] Dropbox.lnk - c:\users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R3 ALSysIO;ALSysIO;c:\users\Sam\AppData\Local\Temp\ALSysIO64.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400] . . Contents of the 'Scheduled Tasks' folder . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923409006-194560733-4056756558-1000Core.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 22:12] . 
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923409006-194560733-4056756558-1000UA.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 22:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 61.9.226.33 61.9.242.33 FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\35zqoirr.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\users\Sam\AppData\Local\Temp\scvejqjcvnpkcyqe.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-07-11 20:52:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-11 11:22
ComboFix2.txt 2012-07-01 00:08
.
Pre-Run: 270,055,886,848 bytes free
Post-Run: 270,035,230,720 bytes free
.
- - End Of File - - 7489833DDAB1AD71DAB1A565B3C8F80C

Upload was successful

Thanks again!
Command Process Virus (Ramnit.A)
Quantized replied to Quantized's topic in Resolved Malware Removal Logs
Hey Maurice, My apologies for running so many tools before coming here for help! Also sorry for the slow reply, I was unable to get to my computer over the weekend. Thanks again for your time! The RKreport was as follows:

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Sam [Admin rights]
Mode: Scan -- Date: 07/10/2012 02:01:07

¤¤¤ Bad processes: 3 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] scvejqjcvnpkcyqe.exe -- C:\Users\Sam\AppData\Local\Temp\scvejqjcvnpkcyqe.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : BwbJhohs (C:\Users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1923409006-194560733-4056756558-1000[...]\Run : BwbJhohs (C:\Users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-00PK4T0 ATA Device +++++
--- User ---
[MBR] ecc35fa9cbb26bb9c09e65bc940129f1
[BSP] 632714b9efe8543cfb2c3e457c227cb5 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Command Process Virus (Ramnit.A)
Quantized replied to Quantized's topic in Resolved Malware Removal Logs
Ugh, sorry for the triple post, but ComboFix hasn't worked; on restarting, the UAC prompt is back. When ComboFix restarted the computer, fewer processes seemed to be running, so perhaps that made it seem fixed, or maybe reconnecting to the internet caused the problem, who knows. Anyway, back to square one! Once again, sorry for the triple post. Thanks! Sam
Command Process Virus (Ramnit.A)
Quantized replied to Quantized's topic in Resolved Malware Removal Logs
Firstly, sorry for posting again. I am not bumping this intentionally; however, I don't believe I can edit my post. I just wanted to update that I ran RKill in Safe Mode and then ran ComboFix, and I am now posting this from normal mode. I got no pop-up for UAC and can access this website; however, I'm not convinced that this means the virus is completely removed etc. What would you advise I do now? I will update if the symptoms re-occur. I suppose the real question is whether I should still reformat. The ComboFix log is below. I ran RKill twice so the log says nothing; however, the only process cancelled was a rundll32.exe in the syswow64 folder, I believe. Once again, many thanks for this!

ComboFix

ComboFix 12-06-30.01 - Sam 05/07/2012 22:28:07.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3894.3177 [GMT 9.5:30]
Running from: c:\users\Sam\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sam\AppData\Local\cxbbfnpr.log
c:\users\Sam\AppData\Local\doiobkto.log
c:\users\Sam\AppData\Local\eoxhyrwi.log
c:\users\Sam\AppData\Local\hhvuyefd.log
c:\users\Sam\AppData\Local\oqcfydxf.log
c:\users\Sam\AppData\Local\qjsclcci.log
c:\users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe
c:\users\Sam\AppData\Local\uxlnfjba.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 13:03 . 2012-07-05 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 00:13 . 2012-07-01 00:13 -------- d-----w- c:\program files (x86)\ESET
2012-06-30 03:31 . 2012-06-30 03:31 -------- d-----w- c:\users\Sam\AppData\Roaming\Malwarebytes
2012-06-30 03:31 . 2012-06-30 03:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-30 03:31 .
2012-06-30 03:31 -------- d-----w- c:\programdata\Malwarebytes 2012-06-30 03:31 . 2012-04-04 06:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 03:13 . 2012-07-05 13:03 -------- d-----w- c:\users\Sam\AppData\Local\sqjwtlxb 2012-06-30 03:13 . 2012-06-30 03:13 93708 --s---w- c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwbjhohs.exe 2012-06-30 01:07 . 2012-06-30 02:30 -------- d-----w- c:\program files (x86)\Diablo III 2012-06-30 01:07 . 2012-06-30 01:31 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-06-30 01:07 . 2012-06-30 01:31 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2012-06-30 01:06 . 2012-06-30 01:06 -------- d-----w- c:\programdata\Battle.net 2012-06-29 11:50 . 2012-06-29 11:50 -------- d-----w- c:\programdata\ATI 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\programdata\AMD 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files (x86)\AMD AVT 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files (x86)\AMD APP 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files\Common Files\ATI Technologies 2012-06-29 11:45 . 2012-06-29 11:45 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2012-06-29 11:23 . 2012-06-29 11:25 -------- d-----w- c:\users\Sam\AppData\Local\Ubisoft Game Launcher 2012-06-29 11:23 . 2012-06-29 13:11 -------- d-----w- c:\users\Sam\AppData\Roaming\Might & Magic Heroes VI . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-10 08:28 . 2012-04-06 15:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-10 08:28 . 2012-04-06 15:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-06 05:25 . 2012-04-15 11:25 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-01_00.05.35 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2012-03-21 21:01 . 2012-07-05 07:52 25374 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-05 07:52 27652 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-03-20 22:27 . 2012-07-05 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-20 22:27 . 2012-06-30 23:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-03-20 22:27 . 2012-07-05 07:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-20 22:27 . 2012-06-30 23:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-05 07:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-30 23:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 03:00 . 2012-07-05 07:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-21 03:00 . 2012-06-30 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-07-01 02:41 78432 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-03-21 03:00 . 2012-07-05 07:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-21 03:00 . 2012-06-30 06:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-21 03:00 . 
2012-06-30 06:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 03:00 . 2012-07-05 07:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 03:00 . 2012-07-05 07:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-21 03:00 . 2012-06-30 06:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-21 03:00 . 2012-06-30 06:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 03:00 . 2012-07-05 07:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-21 02:56 . 2012-07-05 07:52 8184 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1923409006-194560733-4056756558-1000_UserData.bin + 2012-07-05 13:04 . 2012-07-05 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-01 00:05 . 2012-07-01 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-07-01 00:00 619206 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-05 12:12 619206 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-05 12:12 107388 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-07-01 00:00 107388 c:\windows\system32\perfc009.dat - 2012-06-30 04:35 . 2012-06-30 07:04 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-06-30 04:35 . 2012-07-05 07:34 146352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-30 23:51 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 
2012-07-05 07:55 283212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:45 . 2012-06-27 01:17 3837324 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-07-01 00:07 3837324 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2012-03-21 21:18 . 2012-07-05 07:55 38127924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1923409006-194560733-4056756558-1000-8192.dat - 2012-03-21 21:18 . 2012-06-30 23:51 38127924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1923409006-194560733-4056756558-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-23 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] . c:\users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ bwbjhohs.exe [2012-6-30 93708] Dropbox.lnk - c:\users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R3 ALSysIO;ALSysIO;c:\users\Sam\AppData\Local\Temp\ALSysIO64.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-07-28 10610400] . . Contents of the 'Scheduled Tasks' folder . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923409006-194560733-4056756558-1000Core.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 22:12] . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923409006-194560733-4056756558-1000UA.job - c:\users\Sam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 22:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Sam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.20.1
FF - ProfilePath - c:\users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\35zqoirr.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-BwbJhohs - c:\users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . 
Completion time: 2012-07-05 22:37:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 13:07
ComboFix2.txt 2012-07-01 00:08
.
Pre-Run: 267,319,709,696 bytes free
Post-Run: 267,286,204,416 bytes free
.
- - End Of File - - 152DDA10094BD38173F3B7B1B753B074
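The ComboFix log above and the DDS log in the original post further down record the same persistence: a randomly named executable under AppData\Local started from the HKCU Run key and dropped bare (not as a .lnk) into the Startup folder, a second randomly named executable running from %TEMP%, and the three UAC policy values. Those values (ConsentPromptBehaviorAdmin 5, ConsentPromptBehaviorUser 3, EnableUIADesktopToggle 0) are the Windows 7 defaults, so at the time of the DDS scan the UAC-lowering prompt Sam describes had not succeeded; the UserAccountControlSettings.exe and consent.exe entries in the Running Processes list are consistent with that prompt being up. The script below is an added example for this thread, not a tool the forum helpers use. It parses DDS-style uRun:/mRun:/StartupFolder:/mPolicies-system: lines and bare process paths, scores each executable on where it runs from and how pronounceable its name and parent directory are, and reports UAC policy values that weaken or deviate from the defaults. SAMPLE_LOG copies lines from the DDS log in this thread; the two LOWERED_UAC lines are constructed to show what a successful "turn UAC off" change would leave behind. The consonant-run name heuristic and the two-indicator threshold are my assumptions, not anything from the logs.

```python
"""Triage of DDS-style autorun, process and UAC-policy lines.

Added example for this thread, not a forum tool. SAMPLE_LOG copies lines
from the DDS log posted in the thread; LOWERED_UAC is constructed.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
C:\Windows\Explorer.EXE
C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Sam\AppData\Local\Temp\scvejqjcvnpkcyqe.exe
C:\Windows\system32\UserAccountControlSettings.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BwbJhohs] C:\Users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwbjhohs.exe
StartupFolder: C:\Users\Sam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""

# Constructed, not from the page: EnableLUA=0 switches UAC off entirely and
# ConsentPromptBehaviorAdmin=0 makes administrators elevate silently.
LOWERED_UAC = r"""
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
"""

WIN7_UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                     "ConsentPromptBehaviorUser": 3, "PromptOnSecureDesktop": 1,
                     "EnableUIADesktopToggle": 0}
# Values that weaken UAC. ConsentPromptBehaviorUser=0 means "deny", which is
# stricter than the default, so it is deliberately not listed here.
UAC_WEAKENING = {("EnableLUA", 0), ("ConsentPromptBehaviorAdmin", 0),
                 ("PromptOnSecureDesktop", 0)}

AUTORUN = re.compile(r"^(?P<kind>uRun|mRun(?:-x64)?|StartupFolder):\s*"
                     r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.+)$")
POLICY = re.compile(r"^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<val>\d+)")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.I)


@dataclass
class Finding:
    kind: str
    path: str
    reasons: list

    @property
    def suspicious(self) -> bool:
        # Assumption: require two independent indicators before calling it out.
        return len(self.reasons) >= 2


def looks_random(token: str) -> bool:
    """Assumed heuristic: alphabetic, 6+ chars, containing a run of 5+ consonants."""
    s = token.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    return max(len(r) for r in re.findall(r"[^aeiouy]+", s) or [""]) >= 5


def assess_path(kind: str, path: str) -> Finding:
    low = path.lower()
    parts = low.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    reasons = []
    if "\\appdata\\" in low:
        reasons.append("runs from a user-writable profile directory")
    if "\\appdata\\local\\temp\\" in low:
        reasons.append("executes from %TEMP%")
    if kind == "StartupFolder" and "\\startup\\" in low and low.endswith(".exe"):
        reasons.append("bare .exe in the Startup folder (legitimate entries are .lnk)")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if len(parts) > 1 and looks_random(parts[-2]):
        reasons.append("random-looking parent directory")
    return Finding(kind, path, reasons)


def triage(log_text: str):
    """Return (list of Finding, list of (policy key, value, status))."""
    findings, uac = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = POLICY.match(line)
        if m:
            key, val = m["key"], int(m["val"])
            if (key, val) in UAC_WEAKENING:
                status = "WEAKENED"
            elif key not in WIN7_UAC_DEFAULTS:
                status = "unlisted key"
            elif WIN7_UAC_DEFAULTS[key] != val:
                status = "non-default"
            else:
                status = "default"
            uac.append((key, val, status))
            continue
        m = AUTORUN.match(line)
        if m:
            kind, rest = m["kind"], m["rest"]
            if " - " in rest:             # "x.lnk - C:\...\target.exe": use the target
                rest = rest.split(" - ", 1)[1]
        else:
            kind, rest = "process", line  # bare path from the Running Processes list
        p = EXE_PATH.search(rest)
        if p:
            findings.append(assess_path(kind, p.group(0)))
    return findings, uac


if __name__ == "__main__":
    found, policies = triage(SAMPLE_LOG + LOWERED_UAC)
    for f in found:
        if f.suspicious:
            print(f"[{f.kind}] {f.path}\n    " + "\n    ".join(f.reasons))
    for key, val, status in policies:
        print(f"UAC {key}={val}: {status}")
```

Run against the lines above it flags only scvejqjcvnpkcyqe.exe in %TEMP% and the two bwbjhohs.exe entries; Dropbox.exe, which also lives under AppData, collects a single indicator and stays below the threshold, and the three policy lines from the log report as "default" while the two constructed lines report as "WEAKENED". Treat the output as a shortlist for a human, not a verdict: a legitimate updater with an odd name will trip the name heuristic, which is why the location indicator has to agree.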
Hello there!

My laptop has recently been infected by what, as far as I can tell, is referred to as the "Windows Command Process Virus". The symptoms are:

- As soon as I log in, a UAC pop-up asks to change the UAC settings down to their lowest setting.
- I can't visit any anti-virus related websites such as this one, or even microsoft.com etc.
- I can't run Chrome (Firefox/IE still work); I also can't run MBAM etc.

Since noticing the virus I have tried a few things to remove it without success, namely:

- Run MBAM in safe mode (as I can't run it in non-safe mode), both a full scan and a quick scan.
- Run MBAM directly after running RKill in safe mode.
- Run ComboFix in safe mode.
- Run ESETscan in non-safe mode.

I will post the logs of the above scans below as well as the logs from a DDS scan (run in normal Windows mode more recently than any attempted fix). I cannot find the ComboFix log.txt file at the moment.

The above scans have obviously been unsuccessful despite in some cases detecting the virus (ESET shows the presence of Ramnit.A; the other scans did not specifically, but all of them located the .exe in my temp folder).

I've read in some places that with the Ramnit virus the only safe option is to reformat. Although this is obviously not my first preference, I am happy to do it if necessary, but it would be good to know if I do need to, and in the case that I do need to, which files I can safely back up without worrying about the virus spreading. For instance, I have a Dropbox attached to the laptop with .doc/.pdf/image files; would they be infected, and if so then it is likely the other users connected to the Dropbox would also have issues.

Thank you very much for your time!

Sam

DDS Scan:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Sam at 17:24:28 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3894.2734 [GMT 9.5:30]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Users\Sam\AppData\Local\Temp\scvejqjcvnpkcyqe.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\UserAccountControlSettings.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [BwbJhohs] C:\Users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bwbjhohs.exe
StartupFolder: C:\Users\Sam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sam\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Sam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.20.1
TCP: Interfaces\{43BEB823-1498-400F-8A77-5FF66ADFA1D9} : DhcpNameServer = 192.168.20.1
TCP: Interfaces\{43BEB823-1498-400F-8A77-5FF66ADFA1D9}\24967605F6E64603134463 : DhcpNameServer = 61.9.226.33 61.9.242.33
TCP: Interfaces\{43BEB823-1498-400F-8A77-5FF66ADFA1D9}\7405E65647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75B9AB0C-B310-4F83-A9EE-FC47FBA3989F} : DhcpNameServer = 192.168.42.129
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\35zqoirr.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ============= SERVICES / DRIVERS =============== . R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2012-3-22 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 129976] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] . =============== Created Last 30 ================ . 
2012-07-01 00:13:56 -------- d-----w- C:\Program Files (x86)\ESET 2012-07-01 00:05:36 -------- d-sh--w- C:\$RECYCLE.BIN 2012-06-30 23:56:47 98816 ----a-w- C:\Windows\sed.exe 2012-06-30 23:56:47 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-30 23:56:47 256000 ----a-w- C:\Windows\PEV.exe 2012-06-30 23:56:47 208896 ----a-w- C:\Windows\MBR.exe 2012-06-30 03:31:06 -------- d-----w- C:\Users\Sam\AppData\Roaming\Malwarebytes 2012-06-30 03:31:02 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-30 03:31:02 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-30 03:31:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-30 03:13:22 -------- d-----w- C:\Users\Sam\AppData\Local\sqjwtlxb 2012-06-30 01:07:21 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-06-30 01:07:21 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-06-30 01:07:21 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-06-30 01:06:16 -------- d-----w- C:\ProgramData\Battle.net 2012-06-29 11:45:39 -------- d-----w- C:\ProgramData\AMD 2012-06-29 11:45:39 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-06-29 11:45:37 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-06-29 11:45:33 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2012-06-29 11:45:33 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2012-06-29 11:23:29 -------- d-----w- C:\Users\Sam\AppData\Local\Ubisoft Game Launcher 2012-06-29 11:23:28 -------- d-----w- C:\Users\Sam\AppData\Roaming\Might & Magic Heroes VI . ==================== Find3M ==================== . 2012-06-10 08:28:00 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-10 08:28:00 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-06 05:25:16 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe . 
============= FINISH: 17:24:39.75 =============== DDS Attach.txt ------------------------------------------------------------------------------------------ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 21/03/2012 9:22:48 AM System Uptime: 5/07/2012 5:20:33 PM (0 hours ago) . Motherboard: Hewlett-Packard | | 1436 Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | CPU | 2400/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 248.993 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: PCI Simple Communications Controller Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_1436103C&REV_06\3&11583659&0&B0 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_8086&DEV_3B64&SUBSYS_1436103C&REV_06\3&11583659&0&B0 Service: . Class GUID: Description: Device ID: ACPI\HPQ0004\3&11583659&0 Manufacturer: Name: PNP Device ID: ACPI\HPQ0004\3&11583659&0 Service: . ==== System Restore Points =================== . RP21: 11/06/2012 5:37:17 PM - Scheduled Checkpoint RP22: 20/06/2012 12:34:28 PM - Scheduled Checkpoint RP23: 24/06/2012 9:33:35 PM - Windows Modules Installer RP24: 29/06/2012 8:51:29 PM - Installed DirectX RP25: 29/06/2012 8:52:43 PM - Installed Ubisoft Game Launcher RP26: 30/06/2012 2:09:14 PM - Removed Skype™ 5.9 . ==== Installed Programs ====================== . 
Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.3) Age of Empires® III: Complete Collection µTorrent Borderlands Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system COMSOL 3.5a Datcom and associated programs Diablo III Dota 2 Dropbox ESET Online Scanner v3 Google Chrome IDT Audio Java Auto Updater Java™ 6 Update 22 League of Legends Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office Word Viewer 2003 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Might & Magic ® Heroes ® VI MiKTeX 2.9 Mozilla Firefox 12.0 (x86 en-GB) Mozilla Maintenance Service Notepad++ NVIDIA PhysX v8.10.29 OpenOffice.org 3.3 Pando Media Booster pdfsam PX Profile Update Realtek Ethernet Controller Driver For Windows 7 Steam TexMakerX 2.1 TeXnicCenter Version 1.0 Stable RC1 Ubisoft Game Launcher VirtualCloneDrive VLC media player 2.0.1 . ==== Event Viewer Messages From Past Week ======== . 5/07/2012 5:15:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
5/07/2012 5:06:20 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 5/07/2012 5:06:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/07/2012 5:06:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/07/2012 5:06:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/07/2012 5:05:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/07/2012 5:05:50 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21 5/07/2012 5:05:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr Wanarpv6 30/06/2012 5:47:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030} 30/06/2012 4:23:53 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
30/06/2012 4:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 30/06/2012 4:23:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 30/06/2012 4:23:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 
30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 4:23:36 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 30/06/2012 3:04:56 PM, Error: Application Popup [1060] - \??\C:\Users\Sam\AppData\Local\Temp\ilyqhldf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 30/06/2012 10:31:37 AM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations. 1/07/2012 9:35:13 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 
1/07/2012 9:34:01 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 1/07/2012 9:33:38 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 1/07/2012 9:26:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 1/07/2012 9:19:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} 1/07/2012 9:17:26 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread . 
==== End Of File ===========================

MBAM Full Scan:
----------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.01

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7600.16385
Sam :: AWESOME [administrator]

30/06/2012 3:22:23 PM
mbam-log-2012-06-30 (15-22-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 628874
Time elapsed: 39 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------------------------------------

ESETscan:
C:\Qoobox\Quarantine\C\Users\Sam\AppData\Local\sqjwtlxb\bwbjhohs.exe.vir	Win32/Ramnit.A virus	cleaned by deleting - quarantined
C:\Users\Sam\AppData\Local\Mozilla\Firefox\Profiles\35zqoirr.default\Cache\1\AA\69E4Ed01	HTML/ScrInject.B.Gen virus	deleted - quarantined
C:\Users\Sam\AppData\Local\Temp\scvejqjcvnpkcyqe.exe	Win32/Ramnit.A virus	cleaned by deleting - quarantined
C:\Users\Sam\Datcom\bin\AC3DVIEW.exe	a variant of Win32/Packed.MoleboxSVS.A application	cleaned by deleting - quarantined
C:\Users\Sam\Datcom\bin\DATCOM.exe	a variant of Win32/Packed.MoleboxSVS.A application	cleaned by deleting - quarantined
C:\Users\Sam\Datcom\bin\WGNUPLOT.exe	a variant of Win32/Packed.MoleboxSVS.A application	cleaned by deleting - quarantined
C:\Users\Sam\Downloads\ADA.EASE.4.1.0.7.DEVELOPER.VERSION.EMT36.ISO	a variant of Win32/HackTool.Patcher.A application	deleted - quarantined
C:\Users\Sam\Downloads\Datcom+_Pro_3.1.1.e.exe	a variant of Win32/Packed.MoleboxSVS.A application	cleaned by deleting - quarantined
Operating memory	probably a variant of Win32/Ramnit.L virus
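On the backup question in the post above: Ramnit is a file infector that appends itself to .exe, .dll, .htm and .html files, and the HTML/ScrInject detection ESET reported in the Firefox cache is consistent with the HTML side of that. Word documents, PDFs and images are not targets of its infection routine, so they do not carry the infector, although a backup taken from an infected machine should still be scanned before it is restored. The script below is an added example, not part of this thread or a vendor tool. It walks a folder and sorts every file into one of four verdicts: executables and DLLs are discarded by extension, HTML files are checked for a VBScript dropper block, and everything else is treated as data. The HTML check is a generic heuristic (a script block that creates a file with Scripting.FileSystemObject and launches it with WScript.Shell), not a vendor signature for Ramnit. The sample tree, including the injected HTML page, is constructed in a temporary directory; the hex payload in it is a truncated PE header, not a real dropper.

```python
"""Sort a folder for restore after a file-infector cleanup.

Added example for the backup question in this thread, not a forum tool.
The extension rules follow Ramnit's known targets (.exe, .dll, .htm, .html);
the VBScript-dropper check is an assumed heuristic, not a vendor signature.
"""
import re
import tempfile
from pathlib import Path

INFECTABLE_BINARY = {".exe", ".dll"}
INFECTABLE_HTML = {".htm", ".html"}

# A <script language=vbscript> block ...
VBS_BLOCK = re.compile(r"<script[^>]*vbscript[^>]*>(.*?)</script>", re.I | re.S)
# ... that writes a file and runs it: all three must appear in the same block.
DROPPER_CALLS = (
    re.compile(r'CreateObject\(\s*"Scripting\.FileSystemObject"\s*\)', re.I),
    re.compile(r'CreateObject\(\s*"WScript\.Shell"\s*\)', re.I),
    re.compile(r"\.Run\s", re.I),
)


def html_has_dropper(data: bytes) -> bool:
    """True if any VBScript block in the page contains all the dropper calls."""
    text = data.decode("latin-1")          # never fails; we only need ASCII tokens
    return any(all(p.search(block) for p in DROPPER_CALLS)
               for block in VBS_BLOCK.findall(text))


def classify(path: Path) -> str:
    ext = path.suffix.lower()
    if ext in INFECTABLE_BINARY:
        return "DISCARD: executable type Ramnit infects; reinstall from vendor media"
    if ext in INFECTABLE_HTML:
        if html_has_dropper(path.read_bytes()):
            return "INFECTED: HTML carries a VBScript dropper block"
        return "SCAN: infectable type, no dropper block found"
    return "DATA: not a Ramnit infection target; still scan before restoring"


def sort_tree(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its verdict."""
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


# Constructed, not from the page: the shape of a dropper block appended to an
# otherwise normal HTML file. WriteData is a truncated PE header, not a payload.
INJECTED_HTML = b"""<html><body>Quarterly notes</body></html>
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\\" & DropFileName
Set FileObj = FSO.CreateTextFile(DropPath, True)
FileObj.Close
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
"""

CLEAN_HTML = (b"<html><body><script type='text/javascript'>"
              b"document.title='ok';</script></body></html>")


def build_sample_tree() -> Path:
    """Constructed stand-in for a synced folder: data files, a tool, two HTML pages."""
    root = Path(tempfile.mkdtemp(prefix="dropbox-sample-"))
    (root / "docs").mkdir()
    (root / "docs" / "thesis.doc").write_bytes(b"\xd0\xcf\x11\xe0 fake word doc")
    (root / "docs" / "paper.pdf").write_bytes(b"%PDF-1.4 fake")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff fake jpeg")
    (root / "tool.exe").write_bytes(b"MZ fake executable")
    (root / "infected.html").write_bytes(INJECTED_HTML)
    (root / "clean.html").write_bytes(CLEAN_HTML)
    return root


if __name__ == "__main__":
    for rel, verdict in sort_tree(build_sample_tree()).items():
        print(f"{verdict:72} {rel}")
```

The point of the four-way split is that "safe to back up" is a property of file type plus content, not of the folder: the .doc, .pdf and .jpg come through as DATA, tool.exe is discarded regardless of whether it is currently infected (a clean copy comes from the vendor, not from the compromised disk), and the two HTML files get different verdicts only because one of them contains the dropper block. A shared folder makes this matter more, since an infected .html or .exe that is restored is synced straight back to every other member.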