doran66

Members

View Profile See their activity

Posts
8
Joined
November 24, 2012
Last visited
November 25, 2012

Reputation

0 Neutral

doran66

MrCharlie
MrCharlie was fantastic, very fast response and clear instructions. Thank you for cleaning my computer.
- November 25, 2012
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

As I mentioned in my first post, MSE would remove Trojans, I would get a clean scan, then they would come back. One forum I found mentioned that uninstalling Java first would allow MSE to find the problem. I tried this, scanned, and picked up problem files it hadn't before. Anyways, here is the checkup.txt: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (9.0.1) Google Chrome 22.0.1229.95 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
- November 25, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

Everything is good right now, it took a bit today for problems to start up again after I uninstalled java last night. Is there anything else we need to try at this time? Again, thank you very much for your assistance.
- November 25, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

Results from AdwCleaner: # AdwCleaner v2.009 - Logfile created 11/24/2012 at 15:35:37 # Updated 24/11/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : DCHAM - DCHAM102086 # Boot Mode : Normal # Running from : C:\Users\DCHAM\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v9.0.1 (en-US) Profile name : default File : C:\Users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\DCHAM\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [899 octets] - [24/11/2012 15:35:37] ########## EOF - C:\AdwCleaner[R1].txt - [958 octets] ##########
- November 24, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

Here is the latest ComboFix.txt Thanks ComboFix 12-11-24.02 - DCHAM 11/24/2012 14:24:42.3.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9685 [GMT -8:00] Running from: c:\users\DCHAM\Desktop\ComboFix.exe Command switches used :: c:\users\DCHAM\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\dymwbvu.ain c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwn.dll c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni32.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_cuyyjphks . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . 2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Mcx2-DCHAM102086\AppData\Local\temp 2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Mcx1-DCHAM102086\AppData\Local\temp 2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-11-24 22:28 . 2012-11-24 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-24 21:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EBD00C5-97C4-4A77-A4BF-552F2DD63B10}\mpengine.dll 2012-11-24 18:42 . 2012-11-24 18:42 -------- d-----w- C:\MBAR 2012-11-24 16:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-24 05:28 . 2012-11-24 05:32 -------- d-----w- c:\program files\HitmanPro 2012-11-24 05:28 . 2012-11-24 05:31 -------- d-----w- c:\programdata\HitmanPro 2012-11-19 06:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-19 06:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-19 06:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-19 06:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-19 06:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-19 06:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-19 06:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-19 06:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-19 06:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-19 06:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-19 06:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- C:\Brother 2012-11-19 01:13 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL 2012-11-19 01:13 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE 2012-11-19 01:13 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL 2012-11-19 01:13 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL 2012-11-19 01:13 . 2010-08-03 04:57 217088 ----a-w- c:\windows\SysWow64\NSSearch.dll 2012-11-19 01:13 . 2010-03-16 03:56 2560 ----a-w- c:\windows\SysWow64\BrDctF2S.dll 2012-11-19 01:13 . 2010-03-16 03:45 73728 ----a-w- c:\windows\SysWow64\BrDctF2.dll 2012-11-19 01:13 . 2007-12-14 06:16 5120 ----a-w- c:\windows\SysWow64\BrDctF2L.dll 2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- c:\program files (x86)\Brother 2012-11-19 01:12 . 2010-02-05 19:42 180224 ----a-w- c:\windows\SysWow64\BroSNMP.dll 2012-11-19 01:12 . 2012-11-19 01:13 -------- d-----w- c:\programdata\Brother 2012-11-11 14:02 . 2012-11-11 14:02 -------- d-----w- c:\program files (x86)\CodeFromThe70s.org 2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\programdata\ATI 2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\program files (x86)\AMD AVT 2012-11-03 02:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 06:11 . 2009-11-25 22:16 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 13:20 . 2012-08-11 05:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-11 13:20 . 2011-06-13 04:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 03:54 . 2009-12-18 03:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 22:37 . 2012-09-28 22:37 221696 ----a-w- c:\windows\system32\clinfo.exe 2012-09-28 22:36 . 2012-09-28 22:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-09-28 22:36 . 2012-09-28 22:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-09-28 22:36 . 2012-09-28 22:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-09-28 22:36 . 2012-09-28 22:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-09-28 22:36 . 2012-09-28 22:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll 2012-09-28 22:32 . 2012-09-28 22:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-09-28 15:59 . 2012-10-21 00:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19A2954B-16CD-43F8-8340-5ECEF9BDE0B1}\gapaengine.dll 2012-09-28 15:59 . 2011-03-26 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll 2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll 2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll 2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-09-28 01:43 . 2011-11-10 03:16 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-09-28 01:41 . 2010-05-05 02:18 1120768 ----a-w- c:\windows\system32\aticfx64.dll 2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe 2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-09-28 01:31 . 2011-05-25 03:18 3127296 ----a-w- c:\windows\system32\atiumd6a.dll 2012-09-28 01:25 . 2011-05-25 03:33 6704640 ----a-w- c:\windows\system32\atiumd64.dll 2012-09-28 01:22 . 2009-11-04 15:31 7167488 ----a-w- c:\windows\system32\atidxx64.dll 2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-09-28 01:11 . 2011-05-25 03:24 129536 ----a-w- c:\windows\system32\atiuxp64.dll 2012-09-28 01:11 . 2011-05-25 03:24 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-09-28 01:11 . 2011-05-25 03:24 103424 ----a-w- c:\windows\system32\atiu9p64.dll 2012-09-28 01:10 . 2011-05-25 03:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-09-02 19:31 . 2012-09-02 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 19:31 . 2012-09-02 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 05:03 . 2010-10-25 05:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="d:\games\Steam.exe" [2012-08-11 1353080] "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2011-07-14 323456] "Akamai NetSession Interface"="c:\users\DCHAM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-16 141608] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-13 119152] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-18 75048] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840] R3 cpuz130;cpuz130;c:\users\DORANC~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-04 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736] R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [2012-06-12 35352] R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [2012-06-12 34328] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 05:29 146928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-24 108904] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-30 82816] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-28 06:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 13:20] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848] "VX3000"="c:\windows\vVX3000.exe" [2010-03-13 762736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-664601792-439284596-4029592348-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:a9,01,e2,f6,59,8d,09,e2,e2,a4,34,ca,4a,fc,48,f3,71,4a,a9,4c,e9, 86,2e,a0,a3,a9,9e,31,d0,81,56,77,cb,0f,88,f5,03,08,9b,65,10,91,ce,75,c3,62,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Completion time: 2012-11-24 14:31:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-24 22:31 ComboFix2.txt 2012-11-24 03:20 . Pre-Run: 44,358,234,112 bytes free Post-Run: 44,172,234,752 bytes free . - - End Of File - - D7FAE40EC8336E813304D875A0FDCB16
- November 24, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

Here is the ComboFix.txt: ComboFix 12-11-24.02 - DCHAM 11/24/2012 12:50:46.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9606 [GMT -8:00] Running from: c:\users\DCHAM\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . 2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Mcx2-DCHAM102086\AppData\Local\temp 2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Mcx1-DCHAM102086\AppData\Local\temp 2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-11-24 20:54 . 2012-11-24 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-24 18:42 . 2012-11-24 18:42 -------- d-----w- C:\MBAR 2012-11-24 16:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\mpengine.dll 2012-11-24 05:28 . 2012-11-24 05:32 -------- d-----w- c:\program files\HitmanPro 2012-11-24 05:28 . 2012-11-24 05:31 -------- d-----w- c:\programdata\HitmanPro 2012-11-24 04:49 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-19 06:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-19 06:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-19 06:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-19 06:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-19 06:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-19 06:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-19 06:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-19 06:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-19 06:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-19 06:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-19 06:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- C:\Brother 2012-11-19 01:13 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL 2012-11-19 01:13 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE 2012-11-19 01:13 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL 2012-11-19 01:13 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL 2012-11-19 01:13 . 2010-08-03 04:57 217088 ----a-w- c:\windows\SysWow64\NSSearch.dll 2012-11-19 01:13 . 2010-03-16 03:56 2560 ----a-w- c:\windows\SysWow64\BrDctF2S.dll 2012-11-19 01:13 . 2010-03-16 03:45 73728 ----a-w- c:\windows\SysWow64\BrDctF2.dll 2012-11-19 01:13 . 2007-12-14 06:16 5120 ----a-w- c:\windows\SysWow64\BrDctF2L.dll 2012-11-19 01:13 . 2012-11-19 01:13 -------- d-----w- c:\program files (x86)\Brother 2012-11-19 01:12 . 2010-02-05 19:42 180224 ----a-w- c:\windows\SysWow64\BroSNMP.dll 2012-11-19 01:12 . 2012-11-19 01:13 -------- d-----w- c:\programdata\Brother 2012-11-11 14:02 . 2012-11-11 14:02 -------- d-----w- c:\program files (x86)\CodeFromThe70s.org 2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\programdata\ATI 2012-11-03 02:59 . 2012-11-03 02:59 -------- d-----w- c:\program files (x86)\AMD AVT 2012-11-03 02:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-19 06:11 . 2009-11-25 22:16 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-11 13:20 . 2012-08-11 05:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-11 13:20 . 2011-06-13 04:40 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-30 03:54 . 2009-12-18 03:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 22:37 . 2012-09-28 22:37 221696 ----a-w- c:\windows\system32\clinfo.exe 2012-09-28 22:36 . 2012-09-28 22:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-09-28 22:36 . 2012-09-28 22:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-09-28 22:36 . 2012-09-28 22:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-09-28 22:36 . 2012-09-28 22:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-09-28 22:36 . 2012-09-28 22:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll 2012-09-28 22:32 . 2012-09-28 22:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-09-28 15:59 . 2012-10-21 00:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19A2954B-16CD-43F8-8340-5ECEF9BDE0B1}\gapaengine.dll 2012-09-28 15:59 . 2011-03-26 03:35 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll 2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll 2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll 2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-09-28 01:43 . 2011-11-10 03:16 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-09-28 01:41 . 2010-05-05 02:18 1120768 ----a-w- c:\windows\system32\aticfx64.dll 2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-09-28 01:39 . 2012-06-11 17:16 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe 2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-09-28 01:31 . 2011-05-25 03:18 3127296 ----a-w- c:\windows\system32\atiumd6a.dll 2012-09-28 01:25 . 2011-05-25 03:33 6704640 ----a-w- c:\windows\system32\atiumd64.dll 2012-09-28 01:22 . 2009-11-04 15:31 7167488 ----a-w- c:\windows\system32\atidxx64.dll 2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-09-28 01:11 . 2011-05-25 03:24 129536 ----a-w- c:\windows\system32\atiuxp64.dll 2012-09-28 01:11 . 2011-05-25 03:24 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-09-28 01:11 . 2011-05-25 03:24 103424 ----a-w- c:\windows\system32\atiu9p64.dll 2012-09-28 01:10 . 2011-05-25 03:24 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-09-02 19:31 . 2012-09-02 19:31 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-02 19:31 . 2012-09-02 19:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-31 05:03 . 2012-08-31 05:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-31 05:03 . 2010-10-25 05:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Steam"="d:\games\Steam.exe" [2012-08-11 1353080] "DDAssist"="c:\program files (x86)\Drobo\Drobo Dashboard\DDAssist.exe" [2011-07-14 323456] "Akamai NetSession Interface"="c:\users\DCHAM\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-05-25 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-08 210216] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-16 141608] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-13 119152] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576] "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-18 75048] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "1"="c:\program files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2012-09-30 218184] "Z1"="c:\mbar\mbar\mbar.exe" [2012-11-08 1341800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-28 2387968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 cuyyjphks;Remote Procedure Call (RPC) Service;c:\users\DCHAM\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-08-25 35840] R3 cpuz130;cpuz130;c:\users\DORANC~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-08-04 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 46616] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736] R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [2012-06-12 35352] R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [2012-06-12 34328] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-18 05:29 146928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-24 108904] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-07 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-07 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-07 95320] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-07 1612888] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-30 82816] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-28 06:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 13:20] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11 13:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 2093064] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848] "VX3000"="c:\windows\vVX3000.exe" [2010-03-13 762736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; c:\users\DCHAM\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-664601792-439284596-4029592348-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:a9,01,e2,f6,59,8d,09,e2,e2,a4,34,ca,4a,fc,48,f3,71,4a,a9,4c,e9, 86,2e,a0,a3,a9,9e,31,d0,81,56,77,cb,0f,88,f5,03,08,9b,65,10,91,ce,75,c3,62,\ "rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-24 12:56:02 ComboFix-quarantined-files.txt 2012-11-24 20:56 ComboFix2.txt 2012-11-24 03:20 . Pre-Run: 44,251,512,832 bytes free Post-Run: 44,283,662,336 bytes free . - - End Of File - - 88B603CBF121415152E8150E29D2A838
- November 24, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

I deleted the files per your instructions via Roguekiller and manually for the folder. After running MBAR I received the following: Cleanup: Congratulations, no cleanup is required Scan Finished: No malware found Here are the logs: mbar-log: Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.24.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 DCHAM :: DCHAM102086 [administrator] 11/24/2012 10:56:05 AM mbar-log-2012-11-24 (10-56-05).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 32433 Time elapsed: 8 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) system-log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.340000 GHz Memory total: 12875583488, free: 9499553792 ------------ Kernel report ------------ 11/24/2012 10:47:00 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\ctaud2k.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ctoss2k.sys \SystemRoot\system32\drivers\ctprxy2k.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\msiscsi.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\System32\Drivers\pcouffin.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\LGBusEnum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\ha20x22k.sys \SystemRoot\system32\drivers\emupia2k.sys \SystemRoot\system32\drivers\ctsfm2k.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\drivers\CTHWIUT.SYS \SystemRoot\System32\drivers\CT20XUT.SYS \SystemRoot\System32\drivers\CTEXFIFX.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\Drivers\LGPBTDD.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\atksgt.sys \SystemRoot\system32\DRIVERS\lirsgt.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\drivers\rdpdr.sys \SystemRoot\system32\drivers\tdtcp.sys \SystemRoot\System32\DRIVERS\tssecsrv.sys \SystemRoot\System32\Drivers\RDPWD.SYS \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\Windows\system32\Drivers\PROCEXP113.SYS \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\user32.dll \Windows\System32\ws2_32.dll \Windows\System32\imm32.dll \Windows\System32\msvcrt.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\msctf.dll \Windows\System32\ole32.dll \Windows\System32\Wldap32.dll \Windows\System32\shell32.dll \Windows\System32\wininet.dll \Windows\System32\iertutil.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\comdlg32.dll \Windows\System32\oleaut32.dll \Windows\System32\setupapi.dll \Windows\System32\clbcatq.dll \Windows\System32\difxapi.dll \Windows\System32\sechost.dll \Windows\System32\kernel32.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\usp10.dll \Windows\System32\shlwapi.dll \Windows\System32\lpk.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa800cc28060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a9\ Lower Device Object: 0xfffffa800cc22750 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa800cc27060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a8\ Lower Device Object: 0xfffffa800cc22060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa800cc26060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a7\ Lower Device Object: 0xfffffa800cc1d550 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa800cc25060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a6\ Lower Device Object: 0xfffffa800cc1f060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa800cc24060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a5\ Lower Device Object: 0xfffffa800cc1eb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800a620790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\ Lower Device Object: 0xfffffa800a3b1060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800a61a790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa800a3a4060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2012.11.24.08 Downloaded database version: v2012.11.19.01 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800a61a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a61a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a61a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a3573e0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800a3a4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a01650f120, 0xfffffa800a61a790, 0xfffffa8010157090 Lower DeviceData: 0xfffff8a017958600, 0xfffffa800a3a4060, 0xfffffa80100d1e40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B8EA0E00 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 500113408 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 256060514304 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800a620790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a6201e0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a620790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800a3a7520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800a3b1060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00bc57180, 0xfffffa800a620790, 0xfffffa80100c1640 Lower DeviceData: 0xfffff8a01968d590, 0xfffffa800a3b1060, 0xfffffa800fc7d090 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: A6548B34 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1eb60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc24b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1f060, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc25b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1d550, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc26b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc22060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc22750, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: B8EA0E00 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 500113408 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 256060514304 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)... Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: A6548B34 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc1d040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc24060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1eb60, DeviceName: \Device\000000a5\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc24b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc25060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1f060, DeviceName: \Device\000000a6\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc25b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc26060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc1d550, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc26b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc27060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc22060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800cc27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800cc28060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800cc22750, DeviceName: \Device\000000a9\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Done! Performing system, memory and registry scan... Done! Scan finished
- November 24, 2012
- 16 replies
Cannot fully remove Trojan

doran66 replied to doran66's topic in Resolved Malware Removal Logs

Thanks so much for your help, here is the output from RogueKiller: RogueKiller V8.3.1 [Nov 23 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : DCHAM [Admin rights] Mode : Scan -- Date : 11/24/2012 09:57:46 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 14 ¤¤¤ [RUN][ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl) -> FOUND [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl) -> FOUND [sTARTUP][sUSP PATH] vaaiwfbv.lnk @Guest : C:\Users\Guest\AppData\Roaming\Microsoft\Vaaiwfbv\vaaiwfbv.exe -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: CORSAIR CMFSSD-256GBG2D ATA Device +++++ --- User --- [MBR] 607541a524bb2e9e48d5cb3ca06258c1 [bSP] a224d1731a240c3eff817feb5cbb8333 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 244196 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD20EADS-00R6B0 ATA Device +++++ --- User --- [MBR] 204b7e577b57d8c9f9c1599814124daf [bSP] 7b77c505ad3f90984c738ddbe259e48b : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_11242012_02d0957.txt >> RKreport[1]_S_11242012_02d0957.txt
- November 24, 2012
- 16 replies
Cannot fully remove Trojan

doran66 posted a topic in Resolved Malware Removal Logs

Hello. 2 days ago Microsoft Security Essentials started detecting Trojans on my computer. Both Malewarebytes and MSE found items to quarantine and remove, here is a sample: PWS:Win32/Fareit.gen!E TrojanDropper:Win32/Qakbot.A Backdoor:Win32/Qakbot!lnk Trojan:JS/Medfos.B The Trojans kept returning, and I saw in some log posts on the MS site to uninstall Java first, which then allowed MSE to detect and remove items such as this: Exploit:Java/CVE-2012-1723.DGW Today I received this notification from Malewarebytes, and another detection of a Exploit:Java/CVE from MSE: 2012/11/24 08:27:59 -0800 DCHAM102086 IP-BLOCK 66.150.14.17 (Type: outgoing, Port: 49782, Process: iexplore.exe) Any assistance would be greatly appreciated. Here is the DDS file: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by DCham at 9:06:53 on 2012-11-24 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.9541 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\HitmanPro\hmpsched.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe D:\Games\steam.exe C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Google\Google Talk\googletalk.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared Files\brs.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uProxyOverride = 127.0.0.1:9421;<local> uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [steam] "D:\Games\Steam.exe" -silent uRun: [DDAssist] C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe uRun: [Akamai NetSession Interface] "C:\Users\DCham\AppData\Local\Akamai\netsession_win.exe" uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0" mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun dRun: [CtxfiReg] CTXFIREG.exe /FAIL1 dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{AAC08565-3C4E-42B5-88BD-42ADEE3007F6} : DHCPNameServer = 192.168.1.1 SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE x64-Run: [VX3000] C:\Windows\vVX3000.exe x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\DCham\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-11-23 16:29; {4a068a1c-9604-493b-b11b-c2add4964c37}; C:\Users\DCham\AppData\Roaming\Mozilla\Firefox\Profiles\xxrtogqb.default\extensions\{4a068a1c-9604-493b-b11b-c2add4964c37}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 17:55:28];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 146928] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616] R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-11-23 108904] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-6 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-17 676936] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-13 96896] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320] R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-7-14 22408] R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-12-17 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cuyyjphks;Remote Procedure Call (RPC) Service;C:\Users\DCham\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe /D --> C:\Users\DCham\AppData\Roaming\Microsoft\Xyqzwni\xyqzwni.exe [?] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-8-11 35840] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-11-25 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360] S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488] S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976] S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832] S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2009-11-19 12744] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-2 19456] S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\System32\drivers\rcblan.sys [2010-5-20 46616] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-2 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-14 1255736] S3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWMp50x64.sys [2011-3-30 35352] S3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWSp50x64.sys [2010-12-6 34328] . =============== Created Last 30 ================ . 2012-11-24 17:01:17 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\offreg.dll 2012-11-24 16:33:15 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52F9C032-1C8B-4A17-9386-07CB045E63D6}\mpengine.dll 2012-11-24 05:28:26 -------- d-----w- C:\Program Files\HitmanPro 2012-11-24 05:28:03 -------- d-----w- C:\ProgramData\HitmanPro 2012-11-24 04:49:46 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-19 06:16:48 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-19 06:16:48 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-19 06:16:48 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-19 06:16:48 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-19 06:11:16 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-19 06:11:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-19 06:11:16 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-19 06:11:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-19 06:11:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-19 06:11:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-19 06:11:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-19 01:13:23 -------- d-----w- C:\Brother 2012-11-19 01:13:13 45056 ----a-w- C:\Windows\SysWow64\BRTCPCON.DLL 2012-11-19 01:13:05 103736 ----a-w- C:\Windows\SysWow64\BRRBTOOL.EXE 2012-11-19 01:13:03 77824 ----a-w- C:\Windows\SysWow64\BRLMW03A.DLL 2012-11-19 01:13:03 25299 ----a-w- C:\Windows\SysWow64\BRLM03A.DLL 2012-11-19 01:13:01 73728 ----a-w- C:\Windows\SysWow64\BrDctF2.dll 2012-11-19 01:13:01 5120 ----a-w- C:\Windows\SysWow64\BrDctF2L.dll 2012-11-19 01:13:01 2560 ----a-w- C:\Windows\SysWow64\BrDctF2S.dll 2012-11-19 01:13:01 217088 ----a-w- C:\Windows\SysWow64\NSSearch.dll 2012-11-19 01:13:00 -------- d-----w- C:\Program Files (x86)\Brother 2012-11-19 01:12:59 180224 ----a-w- C:\Windows\SysWow64\BroSNMP.dll 2012-11-19 01:12:16 -------- d-----w- C:\ProgramData\Brother 2012-11-11 14:02:46 -------- d-----w- C:\Program Files (x86)\CodeFromThe70s.org 2012-11-03 02:59:00 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-11-03 02:55:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . ==================== Find3M ==================== . 2012-11-11 13:20:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-11 13:20:31 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-28 22:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe 2012-09-28 22:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-09-28 22:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-09-28 22:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-09-28 22:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-09-28 22:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-09-28 22:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll 2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll 2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll 2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe 2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll 2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll 2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-02 19:31:47 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-02 19:31:47 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-31 05:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-31 05:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 9:07:10.78 =============== attach file: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/25/2009 11:53:58 AM System Uptime: 11/24/2012 9:01:04 AM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P6TD DELUXE Processor: Intel® Core i7 CPU 975 @ 3.33GHz | LGA1366 | 1700/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 238 GiB total, 41.586 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1771.817 GiB free. E: is CDROM (UDF) F: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable K: is Removable U: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free. V: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free. Z: is NetworkDisk (NTFS) - 16362 GiB total, 16256.637 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP497: 11/24/2012 9:05:49 AM - ComboFix created restore point . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office system 64 Bit HP CIO Components Installer 6400_Help Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Akamai NetSession Interface Akamai NetSession Interface Service Alpha Protocol Amazon MP3 Downloader 1.0.10 Amazon MP3 Uploader AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Apple Application Support Apple Mobile Device Support Apple Software Update Application Profiles ATI AVIVO64 Codecs ATI Catalyst Registration ATI Problem Report Wizard Baldur's Gate Baldur's Gate II - Throne of Bhaal Bastion Betrayal Pack Bonjour bpd_scan BPDSoftware BPDSoftware_Ini Brother MFL-Pro Suite MFC-7860DW Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Circle of Eight Modpack version 6.1.0 NC Creative ALchemy Creative Audio Control Panel Creative Console Launcher Creative Diagnostics Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition CyberLink PowerDVD 10 Dolby Digital Live Pack Dragon Age II Dragon Age: Origins Drakensang Drakensang The River of Time Drobo Dashboard Dungeon Siege III DVDFab 8.0.6.6 (30/12/2010) Ewisoft Website Builder (include eCommerce Builder) Version 5 Fallout Fallout 3 Fallout: New Vegas Faster Than Light Futuremark SystemInfo GIMP 2.6.11 GOG.com Downloader version 3.0.52 Google Chrome Google Talk (remove only) Google Toolbar for Internet Explorer Google Update Helper HitmanPro 3.6 HP Officejet J6400 Series HydraVision Icewind Dale II iTunes J6400_Basic LG Burning Tools LG CyberLink LabelPrint LG CyberLink PowerBackup LG CyberLink PowerProducer LG Power Tools LightScribe System Software Logitech Alert Commander Logitech GamePanel Software 3.03.133 Logitech Harmony Remote Software 7 Magic The Gathering Tactics Malwarebytes Anti-Malware version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Application Compatibility Toolkit 5.6 Microsoft Corporation Microsoft DirectX SDK (March 2008) Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft LifeCam Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Office 64-bit Components 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 3.1 Mozilla Firefox 9.0.1 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) neroxml Netflix in Windows Media Center Network64 NVIDIA PhysX OpenAL Origin Poke Pool of Radiance: RoMD POR DB PowerDVD QuickTime Remote Control USB Driver Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Sid Meier's Civilization V SPORE™ Star Wars: The Old Republic Steam Temple of Elemental Evil The Elder Scrolls V: Skyrim The Lord of the Rings FREE Trial The Witcher Enhanced Edition Toolbox Torchlight Torchlight 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Vim 7.3 (self-installing) WebReg Windows Live ID Sign-in Assistant WinZip 14.0 XBMC XCOM: Enemy Unknown Yahoo! BrowserPlus 2.9.8 Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 11/24/2012 9:05:26 AM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 11/23/2012 8:50:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: DCHAM102086\DCham Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 11/23/2012 8:49:11 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.343.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800703fa Error description: Illegal operation attempted on a registry key that has been marked for deletion. 11/23/2012 8:48:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.343.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x800703fa Error description: Illegal operation attempted on a registry key that has been marked for deletion. . ==== End Of File ===========================
- November 24, 2012
- 16 replies

Sign In

doran66

Posts

Joined

Last visited

Reputation

doran66

MrCharlie

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Cannot fully remove Trojan

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information