Jump to content

GiBombs

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Posts posted by GiBombs

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    Results of screen317's Security Check version 0.99.62

    Windows 7 Service Pack 1 x64 (UAC is enabled)

    Internet Explorer 8 Out of date!

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    Avira Desktop

    Antivirus up to date!

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.75.0.1300

    Java 6 Update 32

    Java version out of Date!

    Adobe Flash Player 11.6.602.180

    Adobe Reader XI

    Google Chrome 26.0.1410.43

    Google Chrome 26.0.1410.64

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Avira Antivir avgnt.exe

    Avira Antivir avguard.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 5%

    ````````````````````End of Log``````````````````````

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    # AdwCleaner v2.200 - Logfile created 04/20/2013 at 21:12:04

    # Updated 02/04/2013 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Mike - GODBOX

    # Boot Mode : Normal

    # Running from : C:\Users\Mike\Downloads\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Found : HKLM\Software\Freeze.com

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [797 octets] - [20/04/2013 21:12:04]

    ########## EOF - C:\AdwCleaner[R1].txt - [856 octets] ##########

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    ComboFix 13-04-20.02 - Mike 04/20/2013 20:37:22.1.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.5872 [GMT -4:00]

    Running from: c:\users\Mike\Downloads\ComboFix.exe

    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\install.exe

    c:\users\Mike\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))

    .

    .

    2013-04-21 00:42 . 2013-04-21 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2013-04-21 00:06 . 2013-04-17 10:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D982084-8F35-4FDD-A446-840BB47CDD92}\mpengine.dll

    2013-04-20 17:34 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-04-20 17:34 . 2013-04-20 17:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-04-20 17:34 . 2013-04-20 17:34 -------- d-----w- c:\users\Mike\AppData\Local\Programs

    2013-03-28 23:01 . 2013-03-28 23:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

    2013-03-28 23:01 . 2013-03-28 23:01 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2013-03-28 23:01 . 2013-03-28 23:01 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2013-03-24 16:10 . 2013-03-24 16:10 -------- d-----w- c:\users\Mike\AppData\Roaming\HpUpdate

    2013-03-24 16:10 . 2012-10-17 08:31 741480 ------w- c:\windows\system32\HPDiscoPMAD11.dll

    2013-03-23 16:19 . 2013-03-23 16:19 -------- d-----w- c:\programdata\Belkin

    2013-03-23 16:14 . 2013-03-23 16:15 -------- d-----w- c:\programdata\Affinegy

    2013-03-23 16:14 . 2013-03-23 16:14 -------- d-----w- c:\program files (x86)\Belkin

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-12 22:51 . 2012-06-14 21:29 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-03-12 22:51 . 2011-09-21 04:04 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-12 05:10 . 2011-09-23 16:49 282744 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]

    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

    .

    c:\users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    .

    c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer4"=wdmaud.drv

    .

    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

    R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [2007-12-03 24064]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-21 1255736]

    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]

    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]

    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

    S3 ALSysIO;ALSysIO;c:\users\Mike\AppData\Local\Temp\ALSysIO64.sys [x]

    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-08-17 57088]

    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-08-17 80384]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - ALSYSIO

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-04-11 23:35 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 22:51]

    .

    2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 22:49]

    .

    2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 22:49]

    .

    .

    --------- X64 Entries -----------

    .

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.2.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-2705763669-4163530776-1091406540-1000\Software\SecuROM\License information*]

    "datasecu"=hex:2d,b0,fc,a1,3c,77,9f,32,46,22,93,0e,0c,52,df,eb,29,54,ab,eb,bf,

    69,1f,87,9e,28,c0,8b,4c,82,51,3c,f9,fe,10,ee,0d,3d,62,b8,87,96,fa,fc,a6,0e,\

    "rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\windows\SysWOW64\PnkBstrA.exe

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    .

    **************************************************************************

    .

    Completion time: 2013-04-20 20:47:28 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-04-21 00:47

    .

    Pre-Run: 654,415,736,832 bytes free

    Post-Run: 655,801,872,384 bytes free

    .

    - - End Of File - - 76351A15A1D498F0CA801950FF752DC7

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_32

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 3.109000 GHz

    Memory total: 8572362752, free: 6927482880

    ------------ Kernel report ------------

    04/20/2013 18:38:57

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_GenuineIntel.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\vmbus.sys

    \SystemRoot\system32\drivers\winhv.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\vmstorfl.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\serial.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\system32\drivers\csc.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\avkmgr.sys

    \SystemRoot\system32\DRIVERS\avipbb.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\nvlddmkm.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\HECIx64.sys

    \SystemRoot\system32\drivers\usbehci.sys

    \SystemRoot\system32\drivers\USBPORT.SYS

    \SystemRoot\System32\Drivers\EtronXHCI.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\serenum.sys

    \SystemRoot\system32\DRIVERS\parport.sys

    \SystemRoot\system32\drivers\i8042prt.sys

    \SystemRoot\system32\drivers\kbdclass.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\rdpbus.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\drivers\usbhub.sys

    \SystemRoot\System32\Drivers\EtronHub3.sys

    \SystemRoot\System32\Drivers\USBD.SYS

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\nvhda64v.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\drivers\HdAudio.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_dumpata.sys

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\avgntflt.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\DRIVERS\RtNdPt60.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \??\C:\Users\Mike\AppData\Local\Temp\ALSysIO64.sys

    \SystemRoot\system32\DRIVERS\asyncmac.sys

    \SystemRoot\System32\Drivers\fastfat.SYS

    \SystemRoot\system32\DRIVERS\cdfs.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    \Windows\System32\wininet.dll

    \Windows\System32\clbcatq.dll

    \Windows\System32\advapi32.dll

    \Windows\System32\msctf.dll

    \Windows\System32\shlwapi.dll

    \Windows\System32\oleaut32.dll

    \Windows\System32\psapi.dll

    \Windows\System32\sechost.dll

    \Windows\System32\nsi.dll

    \Windows\System32\difxapi.dll

    \Windows\System32\imm32.dll

    \Windows\System32\gdi32.dll

    \Windows\System32\lpk.dll

    \Windows\System32\iertutil.dll

    \Windows\System32\rpcrt4.dll

    \Windows\System32\Wldap32.dll

    \Windows\System32\msvcrt.dll

    \Windows\System32\comdlg32.dll

    \Windows\System32\ws2_32.dll

    \Windows\System32\imagehlp.dll

    \Windows\System32\usp10.dll

    \Windows\System32\user32.dll

    \Windows\System32\normaliz.dll

    \Windows\System32\urlmon.dll

    \Windows\System32\kernel32.dll

    \Windows\System32\shell32.dll

    \Windows\System32\setupapi.dll

    \Windows\System32\ole32.dll

    \Windows\System32\KernelBase.dll

    \Windows\System32\wintrust.dll

    \Windows\System32\cfgmgr32.dll

    \Windows\System32\crypt32.dll

    \Windows\System32\comctl32.dll

    \Windows\System32\devobj.dll

    \Windows\System32\msasn1.dll

    \Windows\SysWOW64\normaliz.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80077af060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

    Lower Device Object: 0xfffffa80074fc680

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

    Load Function returned 0x0

    Downloaded database version: v2013.04.20.10

    Downloaded database version: v2013.04.17.03

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80077af060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80077afb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80077af060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007500520, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa80074fc680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xfffff8a008253f10, 0xfffffa80077af060, 0xfffffa8009d91090

    Lower DeviceData: 0xfffff8a00a0cba40, 0xfffffa80074fc680, 0xfffffa8006904ab0

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: F5A8035D

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

    Done!

    Performing system, memory and registry scan...

    Infected: c:\Windows\System32\services.exe --> [Rootkit.0Access.S]

    Backup file found for a file c:\Windows\System32\services.exe

    Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Trojan.0access]

    Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]

    Infected: c:\Users\Mike\Desktop\RK_Quarantine\00000008.@.vir --> [Trojan.Dropper.BCMiner]

    Infected: c:\Users\Mike\Desktop\RK_Quarantine\000000cb.@.vir --> [Rootkit.0Access]

    Infected: c:\Users\Mike\Desktop\RK_Quarantine\80000032.@.vir --> [Trojan.Zaccess]

    Infected: c:\Users\Mike\Desktop\RK_Quarantine\80000064.@.vir --> [Trojan.Zaccess.64]

    Infected: c:\Windows\Installer\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\U --> [backdoor.0Access]

    Done!

    Scan finished

    Creating System Restore point...

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Executing an action fixdamage.exe...

    Success!

    Removal scheduling successful. System shutdown needed.

    System shutdown occurred

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_32

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 3.109000 GHz

    Memory total: 8572362752, free: 7041167360

    Removal queue found; removal started

    Removing c:\Windows\assembly\GAC_32\Desktop.ini...

    Removing c:\Windows\assembly\GAC_64\Desktop.ini...

    Removing c:\Users\Mike\Desktop\RK_Quarantine\00000008.@.vir...

    Removing c:\Users\Mike\Desktop\RK_Quarantine\000000cb.@.vir...

    Removing c:\Users\Mike\Desktop\RK_Quarantine\80000032.@.vir...

    Removing c:\Users\Mike\Desktop\RK_Quarantine\80000064.@.vir...

    Removing c:\Windows\Installer\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\U...

    Removal finished

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_32

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 3.109000 GHz

    Memory total: 8572362752, free: 6835417088

    ------------ Kernel report ------------

    04/20/2013 19:53:26

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_GenuineIntel.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\vmbus.sys

    \SystemRoot\system32\drivers\winhv.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\vmstorfl.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\serial.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\system32\drivers\csc.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\avkmgr.sys

    \SystemRoot\system32\DRIVERS\avipbb.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\nvlddmkm.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\HECIx64.sys

    \SystemRoot\system32\drivers\usbehci.sys

    \SystemRoot\system32\drivers\USBPORT.SYS

    \SystemRoot\System32\Drivers\EtronXHCI.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\serenum.sys

    \SystemRoot\system32\DRIVERS\parport.sys

    \SystemRoot\system32\drivers\i8042prt.sys

    \SystemRoot\system32\drivers\kbdclass.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\rdpbus.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\drivers\usbhub.sys

    \SystemRoot\System32\Drivers\EtronHub3.sys

    \SystemRoot\System32\Drivers\USBD.SYS

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\nvhda64v.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\drivers\HdAudio.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_dumpata.sys

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\avgntflt.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\DRIVERS\RtNdPt60.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \??\C:\Users\Mike\AppData\Local\Temp\ALSysIO64.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    \Windows\System32\gdi32.dll

    \Windows\System32\comdlg32.dll

    \Windows\System32\lpk.dll

    \Windows\System32\imagehlp.dll

    \Windows\System32\oleaut32.dll

    \Windows\System32\normaliz.dll

    \Windows\System32\setupapi.dll

    \Windows\System32\rpcrt4.dll

    \Windows\System32\imm32.dll

    \Windows\System32\sechost.dll

    \Windows\System32\ws2_32.dll

    \Windows\System32\psapi.dll

    \Windows\System32\clbcatq.dll

    \Windows\System32\ole32.dll

    \Windows\System32\Wldap32.dll

    \Windows\System32\shlwapi.dll

    \Windows\System32\shell32.dll

    \Windows\System32\msvcrt.dll

    \Windows\System32\advapi32.dll

    \Windows\System32\urlmon.dll

    \Windows\System32\nsi.dll

    \Windows\System32\iertutil.dll

    \Windows\System32\kernel32.dll

    \Windows\System32\msctf.dll

    \Windows\System32\wininet.dll

    \Windows\System32\difxapi.dll

    \Windows\System32\user32.dll

    \Windows\System32\usp10.dll

    \Windows\System32\cfgmgr32.dll

    \Windows\System32\crypt32.dll

    \Windows\System32\wintrust.dll

    \Windows\System32\KernelBase.dll

    \Windows\System32\devobj.dll

    \Windows\System32\comctl32.dll

    \Windows\System32\msasn1.dll

    \Windows\SysWOW64\normaliz.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80077b3060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

    Lower Device Object: 0xfffffa8007168060

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

    Load Function returned 0x0

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80077b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80077b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80077b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007166580, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8007168060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xfffff8a0029ea050, 0xfffffa80077b3060, 0xfffffa8009efb790

    Lower DeviceData: 0xfffff8a0081bfa20, 0xfffffa8007168060, 0xfffffa80085a4d60

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: F5A8035D

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

    Done!

    Performing system, memory and registry scan...

    Done!

    Scan finished

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_32

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED

    CPU speed: 3.109000 GHz

    Memory total: 8572362752, free: 6308122624

    ------------ Kernel report ------------

    04/20/2013 20:13:14

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_GenuineIntel.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\system32\drivers\pciide.sys

    \SystemRoot\system32\drivers\PCIIDEX.SYS

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\drivers\vmbus.sys

    \SystemRoot\system32\drivers\winhv.sys

    \SystemRoot\system32\drivers\atapi.sys

    \SystemRoot\system32\drivers\ataport.SYS

    \SystemRoot\system32\drivers\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\vmstorfl.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\serial.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\system32\drivers\csc.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\avkmgr.sys

    \SystemRoot\system32\DRIVERS\avipbb.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\intelppm.sys

    \SystemRoot\system32\DRIVERS\nvlddmkm.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\HDAudBus.sys

    \SystemRoot\system32\DRIVERS\HECIx64.sys

    \SystemRoot\system32\drivers\usbehci.sys

    \SystemRoot\system32\drivers\USBPORT.SYS

    \SystemRoot\System32\Drivers\EtronXHCI.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\serenum.sys

    \SystemRoot\system32\DRIVERS\parport.sys

    \SystemRoot\system32\drivers\i8042prt.sys

    \SystemRoot\system32\drivers\kbdclass.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\rdpbus.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\drivers\usbhub.sys

    \SystemRoot\System32\Drivers\EtronHub3.sys

    \SystemRoot\System32\Drivers\USBD.SYS

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\nvhda64v.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\drivers\HdAudio.sys

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_dumpata.sys

    \SystemRoot\System32\Drivers\dump_atapi.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\avgntflt.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\nwifi.sys

    \SystemRoot\system32\DRIVERS\ndisuio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\DRIVERS\RtNdPt60.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\System32\Drivers\secdrv.SYS

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \??\C:\Users\Mike\AppData\Local\Temp\ALSysIO64.sys

    \SystemRoot\system32\DRIVERS\asyncmac.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    \Windows\System32\autochk.exe

    \Windows\System32\gdi32.dll

    \Windows\System32\comdlg32.dll

    \Windows\System32\lpk.dll

    \Windows\System32\imagehlp.dll

    \Windows\System32\oleaut32.dll

    \Windows\System32\normaliz.dll

    \Windows\System32\setupapi.dll

    \Windows\System32\rpcrt4.dll

    \Windows\System32\imm32.dll

    \Windows\System32\sechost.dll

    \Windows\System32\ws2_32.dll

    \Windows\System32\psapi.dll

    \Windows\System32\clbcatq.dll

    \Windows\System32\ole32.dll

    \Windows\System32\Wldap32.dll

    \Windows\System32\shlwapi.dll

    \Windows\System32\shell32.dll

    \Windows\System32\msvcrt.dll

    \Windows\System32\advapi32.dll

    \Windows\System32\urlmon.dll

    \Windows\System32\nsi.dll

    \Windows\System32\iertutil.dll

    \Windows\System32\kernel32.dll

    \Windows\System32\msctf.dll

    \Windows\System32\wininet.dll

    \Windows\System32\difxapi.dll

    \Windows\System32\user32.dll

    \Windows\System32\usp10.dll

    \Windows\System32\cfgmgr32.dll

    \Windows\System32\crypt32.dll

    \Windows\System32\wintrust.dll

    \Windows\System32\KernelBase.dll

    \Windows\System32\devobj.dll

    \Windows\System32\comctl32.dll

    \Windows\System32\msasn1.dll

    \Windows\SysWOW64\normaliz.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80077b3060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

    Lower Device Object: 0xfffffa8007168060

    Lower Device Driver Name: \Driver\atapi\

    Device already Exists: 0xfffffa80085a4d60

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80077b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80077b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80077b3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa8007166580, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xfffffa8007168060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

    ------------ End ----------

    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    Upper DeviceData: 0xfffff8a0139fd290, 0xfffffa80077b3060, 0xfffffa8009efb790

    Lower DeviceData: 0xfffff8a00baebfe0, 0xfffffa8007168060, 0xfffffa80085a4d60

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: F5A8035D

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206848 Numsec = 1953314816

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

    Done!

    Performing system, memory and registry scan...

    Done!

    Scan finished

    =======================================

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    www.malwarebytes.org

    Database version: v2013.04.20.10

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 8.0.7601.17514

    Mike :: GODBOX [administrator]

    4/20/2013 8:18:38 PM

    mbar-log-2013-04-20 (20-18-38).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 29453

    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Mike [Admin rights]

    Mode : Scan -- Date : 04/20/2013 17:36:07

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Mike\AppData\Local\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\n.) [x] -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FILE] @ : C:\Windows\Installer\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\@ [-] --> FOUND

    [ZeroAccess][FILE] @ : C:\Users\Mike\AppData\Local\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\@ [-] --> FOUND

    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\U --> FOUND

    [ZeroAccess][FOLDER] U : C:\Users\Mike\AppData\Local\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\L --> FOUND

    [ZeroAccess][FOLDER] L : C:\Users\Mike\AppData\Local\{275fca38-8b77-c8b3-6acd-09cf1d7118c2}\L --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND

    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

    --- User ---

    [MBR] 19618fe00efd5b426500c1e73bbbe450

    [bSP] b5eb077b7f7f50f7042d1ecd6cbfcdec : Windows 7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04202013_02d1736.txt >>

    RKreport[1]_S_04202013_02d1736.txt

    service.exe issue

    in Resolved Malware Removal Logs

    Posted

    Hello, I'm having a problem similar to the user here: http://forums.malwar...howtopic=122499

    Malwarebytes finds a couple things but when I restart and run the scan again it finds them again, and it does not find the issue with services.exe that Avira reports. Neither will do anything about it due to its location.

    Attach Log:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 9/20/2011 7:56:06 PM

    System Uptime: 4/20/2013 1:42:59 PM (0 hours ago)

    .

    Motherboard: Gigabyte Technology Co., Ltd. | | P67A-D3-B3

    Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | Socket 1155 | 3301/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 931 GiB total, 611.704 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP127: 3/4/2013 5:56:05 PM - Installed DirectX

    RP128: 3/12/2013 7:53:52 PM - Scheduled Checkpoint

    RP129: 4/17/2013 11:22:47 AM - Scheduled Checkpoint

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20 (x64 edition)

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader XI (11.0.02)

    APB Reloaded

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Assassin's Creed Revelations

    Avira Free Antivirus

    Bastion - Demo

    Belkin Setup and Router Monitor

    Bonjour

    Brothers in Arms: Hell's Highway

    Cisco Connect

    Core Temp 1.0 RC2

    Diagnostic Utility

    Dishonored

    Etron USB3.0 Host Controller

    Explorer Suite III

    Fallout 3 - Game of the Year Edition

    Fraps

    Google Chrome

    Google Update Helper

    Hi-Rez Studios Authenticate and Update Service

    HP Deskjet 3050 J610 series Basic Device Software

    HP Deskjet 3050 J610 series Help

    HP Deskjet 3510 series Basic Device Software

    HP Deskjet 3510 series Help

    HP Update

    Intel® Management Engine Components

    iTunes

    Java Auto Updater

    Java™ 6 Update 32

    Killing Floor

    Malwarebytes Anti-Malware version 1.75.0.1300

    Mass Effect

    Mass Effect 2

    Mass Effect™ 3

    Microsoft Age of Empires II

    Microsoft Age of Empires II: The Conquerors Expansion

    Microsoft Games for Windows - LIVE Redistributable

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft WSE 3.0 Runtime

    Microsoft XNA Framework Redistributable 3.1

    Nexus Mod Manager

    NVIDIA 3D Vision Controller Driver

    NVIDIA 3D Vision Controller Driver 296.10

    NVIDIA 3D Vision Driver 296.10

    NVIDIA Control Panel 296.10

    NVIDIA Graphics Driver 296.10

    NVIDIA HD Audio Driver 1.3.12.0

    NVIDIA Install Application

    NVIDIA PhysX

    NVIDIA PhysX System Software 9.12.0213

    NVIDIA Stereoscopic 3D Driver

    NVIDIA Update 1.7.11

    NVIDIA Update Components

    OpenOffice.org 3.3

    Origin

    Portal

    Portal 2

    Portal 2 Publishing Tool

    PunkBuster Services

    QuickTime

    Realtek Ethernet Controller Driver

    S.T.A.L.K.E.R.: Call of Pripyat

    S.T.A.L.K.E.R.: Shadow of Chernobyl

    Saints Row: The Third

    Steam

    The Elder Scrolls III: Morrowind

    The Elder Scrolls IV: Oblivion

    The Elder Scrolls V: Skyrim

    The Sims™ 3

    The Witcher 2: Assassins of Kings Enhanced Edition

    The Witcher 2: Bonus Content

    Tom Clancy's Splinter Cell: Conviction

    Tribes Ascend

    Ubisoft Game Launcher

    Visual Studio 2008 x64 Redistributables

    Visual Studio 2010 x64 Redistributables

    .

    ==== Event Viewer Messages From Past Week ========

    .

    4/17/2013 11:22:42 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.

    4/13/2013 8:19:18 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.2 with the system having network hardware address 14-8F-C6-9E-47-D0. Network operations on this system may be disrupted as a result.

    .

    ==== End Of File ===========================

    DDS log

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32

    Run by Mike at 13:47:55 on 2013-04-20

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6209 [GMT -4:00]

    .

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

    C:\Windows\SysWOW64\PnkBstrA.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Core Temp\Core Temp.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Windows\system32\sppsvc.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\SearchProtocolHost.exe

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

    StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    LSP: mswsock.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    TCP: NameServer = 192.168.2.1

    TCP: Interfaces\{CF25872C-D22A-4963-9BE3-0BDA78E8AD26} : DHCPNameServer = 192.168.2.1

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    SSODL: WebCheck - <orphaned>

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]

    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-24 86752]

    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-24 110816]

    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]

    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-3 8704]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-20 418376]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-20 701512]

    R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-9-20 27136]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-8-17 57088]

    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-17 80384]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-20 25928]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-20 535656]

    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-20 24064]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-21 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-9-20 24064]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-21 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-04-20 17:34:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-04-20 17:34:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2013-04-20 17:34:25 -------- d-----w- C:\Users\Mike\AppData\Local\Programs

    2013-03-28 23:01:53 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

    2013-03-28 23:01:53 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

    2013-03-24 16:10:46 -------- d-----w- C:\Users\Mike\AppData\Roaming\HpUpdate

    2013-03-24 16:10:45 741480 ------w- C:\Windows\System32\HPDiscoPMAD11.dll

    2013-03-23 16:19:51 -------- d-----w- C:\ProgramData\Belkin

    2013-03-23 16:14:53 -------- d-----w- C:\ProgramData\Affinegy

    2013-03-23 16:14:53 -------- d-----w- C:\Program Files (x86)\Belkin

    .

    ==================== Find3M ====================

    .

    2013-03-12 22:51:48 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-03-12 22:51:48 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    .

    ============= FINISH: 13:49:06.06 ===============

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.