RichAC

Honorary Members
  • Posts

    33
Everything posted by RichAC

  1. OK, so I ran a clean boot for a couple days. I noticed again explorer.exe gaining in size after a while. Not as much as when I load all the drivers and services I have going... but maybe it's just normal for my machine, since I do a lot of different tasks and run different programs every day with many windows open. Maybe SuperFetch keeps everything in memory always. BTW, I also got a brand new Corsair PSU, and the game is running much better. But now I have another question. I just set up my home network again on my PC. I share music and movies on my network with another computer, and now my NIS firewall randomly asked me to allow explorer.exe to connect to the other computer. Is this something I need to allow for file sharing between the two PCs? I'm pretty sure I already transferred the movie... so I'm curious about this.
  2. I will try the clean boot of Windows and leave my PC on for a day and see if I get the same issue... but if the explorer.exe increasing in size so much is not anything to worry about, then everything is OK. I will update my Java ASAP. I guess I need further instruction on cleaning up the tools? I appreciate all your time and help, Kevin. The only other questions I have regarding my PC were about my hardware. Would you know any proper forums to ask these questions? I was wondering if the PSU getting really hot under full stress might be causing my CPU to spike. And I was wondering if the CPU could also be causing my NB temperature to be hotter at idle... than when at full load... lol. I don't know if this is by design on the new AMD Gigabyte boards or what, which is what my Dell PC has. At first I just thought the software was not reading the sensor correctly. But I actually did the finger test... and to my amazement, the NB heatsink is much cooler to the touch at full load... than it is at idle. So the temp reading must be correct. Defies common logic, but maybe it is by design. It idles at 65 degrees and cools to as low as 50 on full load. Could this be another sign of a faulty PSU not undervolting correctly, I wonder? Would you know any hardware experts I could ask? Tks again for everything, Kevin.
  3. OK, tks again Kevin. I will be sure to do that and post if I see any other issues. And just to clarify then, it is not unusual for the explorer.exe to get so big after the PC is on for a while?
  4. I'm not sure how to edit the post, I apologize. I just wanted to add that one of my svchost.exe processes is at 250,000k and that basically all the running processes increase in memory over time. Maybe this is a natural occurrence. I don't know much about Windows 7. Ty again. Rich.
  5. I'm sorry, I had a typo there. I meant to say I "sometimes notice" my csrss.exe process go to about 150,000k and stay there for an hour or so. I'm not sure why. I was thinking it had to do with the game I play online. But my explorer.exe is still at a large number. Maybe this is normal in Windows 7? Tks again for your understanding and help with this matter.
  6. Tks once again. Here are the logs.

     ESET found one threat:
     C:\Users\Rick\Downloads\winamp561_full_emusic-7plus_all.exe Win32/OpenCandy application
     I have downloaded this to my pc but never clicked on it to install. should i delete it?

     Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Norton Internet Security
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     Java 6 Update 38
     Java version out of Date!
     Adobe Flash Player 11.5.502.135
     Adobe Reader XI
     Mozilla Firefox (17.0.1)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     The issues I'm concerned about are when playing Battlefield 3 online. I was getting random disconnects. Other players advised me to shut off UPnP in my router and in Windows, which I have done. I haven't been losing my connection now... but after playing for a while I start to get CPU spikes. My performance decreases the longer I'm playing the game, and I was wondering if it had to do with Windows using more memory the longer it is on. Due to the issue of my parents' PC on the network getting crippled, I wanted to make sure I have no malware. I have to restart the PC after a few hours... to get the best performance. I have no heat issues. I have updated drivers. Could this be a PSU problem? The back of the PSU does feel extremely hot to the touch. I don't feel the fan blowing, and the fan underneath the PSU is making noise, so I plan on replacing that next week. But the other issue is after playing the game, or I'm not sure what program causes this, but I sp,eto,es notice my csrss.exe process goes to about 150,000k memory used. Is this normal? I just went to check it now... but it seems to have gone back to normal, and is back at 25,000k. But my explorer.exe is still at 167,000k, and I notice over time if I leave my PC on for days... even Windows starts to get a little sluggish. Is this normal?
  7. Ty for your fast response. I had some weird issues following these instructions. I downloaded and ran AdwCleaner, but upon reboot and after logging into Windows, my PC just hung on a black screen with a mouse cursor. The desktop never came up. I waited 15 mins and there was no disk activity... so I had to power the PC off and on. After rebooting the second time... it went to the black screen only for a couple mins and I saw disk activity, so I let it go. After only a few mins... Windows booted and generated the log file. Then I downloaded ComboFix. I went to shut off my Norton antivirus and firewall, and Norton crashed on me. Wouldn't load up. So I rebooted again. This time the desktop only partially loaded up and froze again... I was able to move the mouse and the icons loaded... but the only thing that loaded in the task tray was Malwarebytes and nothing else, and I couldn't click on anything. So I rebooted once again. This time I was able to turn off the Norton protection and shut down Malwarebytes and run ComboFix. ComboFix ran and rebooted. Took a long time to generate the log file though, and I noticed one of the startup items in my task tray did not load: a shareware hardware monitor I use called Argus Monitor. I then went to load up the web browser, but IE and Firefox both kept telling me an "illegal action was performed by a registry entry marked for deletion." and wouldn't load up. I once again rebooted the PC. The PC then booted very fast... loaded up the Argus Monitor as well on bootup, and I am now able to load the browsers. Hopefully I followed these instructions correctly and these issues are nothing to worry about. I don't notice any other issues as of yet. Again, ty for your response.
here are the log files generated:
  8. Greetings, Ty in advance for all your help. I'll start off describing my issue. About a week ago i reformatted a couple pcs on my home network. Mine and my parents. My parents pc had become so crippled it became unusable. BSOD's, computer restarting. Especially worse when they would browse the internet in their web browser. the pc would sometimes freeze and hitch, which was noticeable when the mouse would freeze on screen trying to click on webpage links. cpu use was always stuck at 50% no matter what program was executed or process being used. hdd was thrashing. pc was so slow to respond if you clicked something you had to wait. I thought their old p4 machine was done and they needed a new one. we use NIS security suite. I scanned with malwarebytes... spybot....nothing came up with anything. Then eventually my machine also started acting strange. I started noticing system nt kernel process using cpu all the time when the pc was idle. sometimes the norton processes would hang at 25% similar to how their pc was mysteriously hanging at 50% and i would have to reboot to stop it. I was getting random disconnects in online video games. game crashes. Then one day i noticed mouse freezing on my screen every couple seconds when i was browsing in firefox...the same manner it happened on their pc with IE. it only did that for a couple minutes, and didn't last as long as on their machine. but i freaked out. So i reformatted both pcs. Their machine then started running like it was brand new again with no noticeable issues. turns out we didn't need to buy a new computer like we thought... but now no more crashes....computer boots up and runs much faster and seems normal again. very responsive and no unusual cpu usage in task manager. They have not mentioned to me any issues, although they usually wait till it gets bad...lol. But on my machine now i'm starting to notice weird activity again. I still notice the nt kernel process using cpu when my pc is idle.
I downloaded process explorer and pinpointed it to a file called srstp64.sys. I searched and found this is an NIS driver. I went to the norton forums but didn't get much help there. I don't know if they are taking me seriously. I'm wondering if norton is corrupted by a virus. I've followed their procedure for a clean removal and reinstall, even though i'm on a fresh install of windows and the same issue keeps happening. But i'm also noticing my memory use steadily climbing from 15% on boot.....to about 40% after being on for a day or so on my machine.. every process seems to increase in memory size over time. maybe this is normal? the two biggest are the explorer.exe process goes from about 30mb to almost 200mb after a day or so. the svchost.exe process also climbs from about 150mb to 250mb. which i always thought was due to superfetch. I use win 7 64 bit. no scans find anything. but is it still possible my network is still infected with a virus? I ran DDS like instructed. I appreciate your time and help with this matter and value any information you may have to set my mind at ease. Here is the DDS info and attachment. ty again.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k NetworkService C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe C:\Windows\Explorer.EXE C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUI.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\taskmgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . 
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\CoIEPlg.dll
uRun: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe"
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: dell.com
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{15F1B488-6526-4D91-A062-5D8CE6283596} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-28 13:24; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn
FF - ExtSQL: 2012-12-28 13:43; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn
FF - ExtSQL: 2012-12-28 13:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-28 13:56; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\u6nmebcb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-12-28 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-12-28 15920]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-19 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402000.013\SymDS64.sys [2012-12-28 493216]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402000.013\SymEFA64.sys [2012-12-28 1133216]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-29 1384608]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402000.013\ccSetx64.sys [2012-12-28 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130103.002\IDSviA64.sys [2013-1-3 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402000.013\Ironx64.sys [2012-12-28 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-12-28 432800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-4 682344]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe [2012-12-28 143928]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-2 46136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-28 138912]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-19 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-4 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-11-19 226616]
S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-11-19 47672]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-28 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-28 1255736]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
.
=============== Created Last 30 ================
.
2013-01-04 05:50:18 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes
2013-01-04 05:50:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 05:50:09 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-04 05:50:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 05:50:01 -------- d-----w- C:\Users\Rick\AppData\Local\Programs
2013-01-03 06:12:03 -------- d-----w- C:\Users\Rick\AppData\Local\NPE
2013-01-03 02:30:05 -------- d-----w- C:\Users\Rick\AppData\Local\Diagnostics
2013-01-03 00:45:21 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-01-02 23:39:18 -------- d-----w- C:\Users\Rick\AppData\Local\Downloaded Installations
2013-01-02 23:39:16 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-01-02 23:39:15 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-12-31 19:25:13 -------- d-----w- C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2012-12-31 07:00:53 -------- d-----w- C:\Users\Rick\AppData\Local\CrashDumps
2012-12-31 04:13:07 -------- d-----w- C:\Users\Rick\AppData\Local\ESN Sonar
2012-12-30 14:56:17 -------- d-----w- C:\Users\Rick\AppData\Local\Adobe
2012-12-30 06:10:28 -------- d-----w- C:\Users\Rick\AppData\Local\Advanced_Micro_Devices
2012-12-30 05:09:00 -------- d-----w- C:\Program Files\PeerBlock
2012-12-30 03:24:06 -------- d-----w- C:\Program Files\CCleaner
2012-12-29 20:40:23 90112 ------w- C:\Windows\Updreg.EXE
2012-12-29 20:40:22 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL
2012-12-29 20:40:22 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL
2012-12-29 20:40:22 230912 ----a-w- C:\Windows\System32\APOMgr64.DLL
2012-12-29 20:40:22 177664 ----a-w- C:\Windows\SysWow64\APOMngr.DLL
2012-12-29 20:40:12 -------- d-----w- C:\Program Files (x86)\Creative
2012-12-29 20:39:51 729088 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-12-29 20:39:51 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-12-29 20:39:51 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-12-29 20:39:51 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-12-29 20:39:51 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-12-29 20:39:46 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-12-29 20:39:46 188548 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-12-29 05:58:53 -------- d-----w- C:\Users\Rick\AppData\Local\Macromedia
2012-12-29 05:48:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-29 05:48:09 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-29 03:32:20 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2012-12-29 03:32:20 -------- d--h--w- C:\Program Files (x86)\Temp
2012-12-29 03:32:19 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-12-29 03:32:19 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-12-29 03:32:19 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-12-29 03:32:19 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-12-29 03:32:19 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-12-29 03:32:19 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-12-29 03:32:18 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-29 03:32:18 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-29 03:29:37 -------- d-----w- C:\Users\Rick\AppData\Local\Apps
2012-12-29 03:29:36 -------- d-----w- C:\Users\Rick\AppData\Local\Deployment
2012-12-28 22:47:56 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-28 22:47:52 -------- d-----w- C:\Users\Rick\AppData\Local\PunkBuster
2012-12-28 22:16:56 -------- d-----w- C:\Users\Rick\AppData\Local\ArgusMonitor
2012-12-28 22:16:45 -------- d-----w- C:\Program Files (x86)\ArgusMonitor
2012-12-28 20:38:58 -------- d-----w- C:\Users\Rick\AppData\Local\ESN
2012-12-28 20:38:56 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-12-28 20:32:23 -------- d-----w- C:\ProgramData\EA Core
2012-12-28 20:32:22 -------- d-----w- C:\ProgramData\EA Logs
2012-12-28 19:59:35 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-12-28 19:49:03 -------- d-----w- C:\Users\Rick\AppData\Roaming\Origin
2012-12-28 19:48:25 -------- d-----w- C:\Users\Rick\AppData\Local\Origin
2012-12-28 19:47:58 -------- d-----w- C:\ProgramData\Origin
2012-12-28 19:47:58 -------- d-----w- C:\ProgramData\Electronic Arts
2012-12-28 19:47:58 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-12-28 19:47:50 -------- d-----w- C:\Program Files (x86)\Origin
2012-12-28 19:01:28 15920 ----a-w- C:\Windows\System32\drivers\NBVolUp.sys
2012-12-28 19:01:23 72240 ----a-w- C:\Windows\System32\drivers\NBVol.sys
2012-12-28 19:01:12 -------- d-----w- C:\Program Files (x86)\Nero
2012-12-28 18:49:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-12-28 18:48:56 -------- d-----w- C:\Users\Rick\AppData\Roaming\uTorrent
2012-12-28 18:41:40 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-12-28 18:41:40 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-12-28 18:41:40 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-12-28 18:24:54 -------- d-----w- C:\Windows\pss
2012-12-28 18:23:21 43680 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2012-12-28 18:15:37 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-12-28 18:14:36 -------- d-----w- C:\Users\Rick\AppData\Local\AMD
2012-12-28 18:12:05 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-28 18:12:02 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-28 18:11:59 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-28 18:11:59 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-28 18:11:18 -------- d-----w- C:\ProgramData\AMD
2012-12-28 18:08:09 -------- d-----w- C:\Program Files\ATI Technologies
2012-12-28 18:08:07 -------- d-----w- C:\Program Files\ATI
2012-12-28 18:07:33 -------- d-----w- C:\AMD
2012-12-28 17:40:58 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-28 17:40:58 -------- d-----w- C:\Windows\System32\Wat
2012-12-28 17:39:01 -------- d-----w- C:\Windows\System32\SPReview
2012-12-28 17:38:49 -------- d-----w- C:\Windows\System32\EventProviders
2012-12-28 17:37:04 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-12-28 17:37:04 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-12-28 17:35:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL
2012-12-28 17:24:55 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-12-28 16:54:32 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-28 16:54:32 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-28 16:54:32 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-28 16:54:32 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-28 16:41:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-12-28 16:41:29 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-28 16:41:29 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-28 16:41:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-28 16:41:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-12-28 16:41:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-28 16:41:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-28 16:41:05 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-28 16:41:05 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-28 16:41:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-28 16:41:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-28 16:41:05 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-28 16:41:04 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-28 16:39:29 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-28 16:39:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-28 16:39:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-28 16:39:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-28 16:39:29 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-28 16:36:58 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-12-28 16:35:58 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-12-28 16:25:43 77312 ----a-w- C:\Windows\System32\packager.dll
2012-12-28 16:25:43 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-12-28 16:25:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-12-28 16:16:34 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-12-28 16:10:40 -------- d-----w- C:\ProgramData\Norton
2012-12-28 16:01:48 -------- d-----w- C:\Users\Rick\AppData\Local\PackageAware
2012-12-28 16:00:02 -------- d-----w- C:\ProgramData\PCDr
2012-12-28 10:09:42 -------- d-----w- C:\Windows\SMINST
2012-12-28 09:28:13 -------- d-----w- C:\Users\Rick\AppData\Roaming\Dell
2012-12-28 09:28:08 -------- d-----w- C:\Users\Rick\AppData\Local\Stardock_Corporation
2012-12-28 09:27:58 -------- d-----w- C:\Users\Rick\AppData\Local\DataSafeOnline
2012-12-28 09:27:58 -------- d-----w- C:\Users\Rick\AppData\Local\ATI
2012-12-28 09:27:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-28 09:27:28 -------- d-----w- C:\Users\Rick\AppData\Local\VirtualStore
2012-12-28 09:27:11 -------- d-----w- C:\Users\Rick\AppData\Local\SoftThinks
2012-12-28 09:26:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-28 09:26:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-28 09:26:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2013-01-04 03:56:49 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-04 03:19:08 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-28 22:53:40 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-28 17:49:27 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-12-28 17:49:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-12-28 16:16:23 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-28 16:15:29 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-20 21:01:34 68808 ----a-w- C:\Windows\SysWow64\drivers\ArgusMonitor.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-09 01:00:02 776864 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\srtsp64.sys
.
============= FINISH: 1:33:48.08 ===============

attach.zip