brich1
  1. Mr. C - I am following your instructions to download OTC but I am getting a popup - OTC.exe couldn't be downloaded ?? Also - When I run Rogue Killer - there doesn't seem to be an uninstall option? Thanks
  2. Results of screen317's Security Check version 0.99.64
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 6 Update 32
     Java version out of Date!
     Adobe Reader 10.1.4 Adobe Reader out of Date!
     Google Chrome 26.0.1410.64
     Google Chrome 27.0.1453.94
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 8%
     ````````````````````End of Log``````````````````````
  3. Most things look ok - but it does seem a bit sluggish. For instance when I open up an email message in outlook it takes quite a while to close the message. Will I need to delete any of the items that were downloaded?
  4. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Brian [Admin rights]
     Mode : Scan -- Date : 05/30/2013 14:30:29
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 5 ¤¤¤
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
     --- User ---
     [MBR] 6c5611fcf0789594217c56a17e70976e
     [bSP] 005c715f5ce46766741df02f1b00bda3 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[4]_S_05302013_02d1430.txt >>
     RKreport[1]_S_05292013_02d1424.txt ; RKreport[2]_S_05302013_02d0834.txt ; RKreport[3]_D_05302013_02d0909.txt ; RKreport[4]_S_05302013_02d1430.txt
  5. # AdwCleaner v2.301 - Logfile created 05/30/2013 at 14:23:59
     # Updated 16/05/2013 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
     # User : Brian - BRIAN0312
     # Boot Mode : Normal
     # Running from : C:\Users\brian\Desktop\adwcleaner.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     Folder Deleted : C:\ProgramData\APN

     ***** [Registry] *****

     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16483

     [OK] Registry is clean.

     -\\ Google Chrome v27.0.1453.94

     File : C:\Users\Setup\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     File : C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[R1].txt - [1294 octets] - [30/05/2013 14:21:57]
  6. I am trying to download Adwcleaner but I get a message that it couldn't be downloaded - the publisher couldn't be verified. I'm not sure how to get by this?
  7. ComboFix 13-05-30.02 - Brian 05/30/2013 11:24:16.1.4 - x86
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3488.2237 [GMT -5:00]
     Running from: c:\users\brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OWCHR49Q\ComboFix.exe
     AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\brian\Documents\pub245.tmp
     c:\users\brian\Documents\pub76.tmp
     c:\users\brian\g2mdlhlpx.exe
     c:\windows\system32\URTTemp
     c:\windows\system32\URTTemp\regtlib.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))
     .
     .
     2013-05-30 16:27 . 2013-05-30 16:27 -------- d-----w- c:\users\Setup\AppData\Local\temp
     2013-05-30 14:41 . 2013-05-30 14:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31B068FD-BBBB-4B61-8767-17CF33FC1EC2}\MpKslc56d428f.sys
     2013-05-30 14:27 . 2013-05-30 14:27 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31B068FD-BBBB-4B61-8767-17CF33FC1EC2}\offreg.dll
     2013-05-30 14:10 . 2013-05-30 14:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-05-30 13:33 . 2013-05-30 13:33 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
     2013-05-29 15:46 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31B068FD-BBBB-4B61-8767-17CF33FC1EC2}\mpengine.dll
     2013-05-29 13:35 . 2013-05-29 13:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-05-29 13:35 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-05-28 21:55 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-05-28 20:58 . 2013-05-28 20:58 -------- d-----w- c:\windows\ERUNT
     2013-05-28 20:58 . 2013-05-28 20:58 -------- d-----w- C:\JRT
     2013-05-28 19:56 . 2013-05-28 19:56 -------- d-----w- c:\users\brian\AppData\Roaming\Malwarebytes
     2013-05-28 19:55 . 2013-05-28 19:55 -------- d-----w- c:\programdata\Malwarebytes
     2013-05-28 19:55 . 2013-05-28 19:55 -------- d-----w- c:\users\brian\AppData\Local\Programs
     2013-05-28 18:55 . 2013-05-28 19:14 -------- d-----w- c:\users\brian\AppData\Roaming\Hiyncu
     2013-05-25 14:09 . 2013-05-28 21:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
     2013-05-23 14:45 . 2013-05-23 14:45 -------- d-----w- c:\users\brian\AppData\Roaming\webex
     2013-05-22 13:53 . 2013-05-22 13:53 -------- d-----w- c:\users\brian\AppData\Local\Citrix
     2013-05-21 07:39 . 2013-05-21 07:39 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A55E483-5015-45CA-BFD8-406B421346C7}\gapaengine.dll
     2013-05-16 08:03 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-15 12:07 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
     2013-05-15 12:07 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2013-05-15 12:07 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
     2013-05-15 12:06 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
     2013-05-15 12:06 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
     2013-05-15 12:06 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
     2013-05-02 16:42 . 2013-05-28 19:29 -------- d-----w- c:\programdata\WebEx
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-05-24 21:09 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2013-05-14 21:11 . 2012-05-01 01:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-05-14 21:11 . 2012-03-13 01:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-05-02 07:06 . 2012-03-12 23:44 238872 ------w- c:\windows\system32\MpSigStub.exe
     2013-04-24 08:02 . 2012-06-13 13:26 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     2013-04-12 13:45 . 2013-04-23 19:42 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
     2013-03-19 05:04 . 2013-04-10 13:45 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-03-19 05:04 . 2013-04-10 13:45 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-03-19 04:48 . 2013-04-10 13:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
     2013-03-19 02:49 . 2013-04-10 13:45 69632 ----a-w- c:\windows\system32\smss.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-11-18 11483752]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 144664]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 180504]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 187672]
     "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     Rand McNally Dock.lnk - c:\program files\Rand McNally\RNDDock\StartupLauncher.bat [2012-12-19 25]
     Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 0 (0x0)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cixitec]
     2013-05-26 02:10 17920 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\cixitec.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
     R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
     R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
     R3 SQLAgent$JJKA_KDS;SQLAgent$JJKA_KDS;c:\program files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlagent.EXE [x]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
     S2 MSSQL$JJKA_KDS;MSSQL$JJKA_KDS;c:\program files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - MPKSLC56D428F
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
     2013-05-24 19:40 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:11]
     .
     2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-01 01:34]
     .
     2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-01 01:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uStart Page = hxxp://www.google.com/
     uInternet Settings,ProxyOverride = *.local
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     TCP: DhcpNameServer = 192.168.1.1
     DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.236.138.36/activex/AMC.cab
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
     @Denied: (2) (LocalSystem)
     "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
     "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
     "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
     "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
     "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
     "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
     "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
     "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
     "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
     "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
     "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
     @Denied: (2) (LocalSystem)
     "Timestamp"=hex:91,fb,6c,85,05,cf,cd,01
     .
     [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
     @Denied: (2) (LocalSystem)
     "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,71,b8,23,a1,d7,2e,41,92,65,c8,\
     "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,71,b8,23,a1,d7,2e,41,92,65,c8,\
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2013-05-30 11:28:43
     ComboFix-quarantined-files.txt 2013-05-30 16:28
     ComboFix2.txt 2011-06-02 16:32
     ComboFix3.txt 2011-06-01 13:45
     .
     Pre-Run: 448,121,384,960 bytes free
     Post-Run: 448,390,819,840 bytes free
     .
     - - End Of File - - 4794C002482C563F85D741C495CEE491
  8. Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x86

     Account is Administrative
     Internet Explorer version: 9.0.8112.16421
     Java version: 1.6.0_32
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 3.292000 GHz
     Memory total: 3657666560, free: 2444763136

     Downloaded database version: v2013.05.30.04
     Downloaded database version: v2013.05.22.01
     Initializing...
     ------------ Kernel report ------------
     05/30/2013 09:10:18
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntkrnlpa.exe
     \SystemRoot\system32\halmacpi.dll
     \SystemRoot\system32\kdcom.dll
     \SystemRoot\system32\mcupdate_GenuineIntel.dll
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\BOOTVID.dll
     \SystemRoot\system32\CLFS.SYS
     \SystemRoot\system32\CI.dll
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\system32\drivers\ACPI.sys
     \SystemRoot\system32\drivers\WMILIB.SYS
     \SystemRoot\system32\drivers\msisadrv.sys
     \SystemRoot\system32\drivers\pci.sys
     \SystemRoot\system32\drivers\vdrvroot.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\system32\drivers\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\system32\drivers\pciide.sys
     \SystemRoot\system32\drivers\PCIIDEX.SYS
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\system32\drivers\atapi.sys
     \SystemRoot\system32\drivers\ataport.SYS
     \SystemRoot\system32\drivers\amdxata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\system32\drivers\fileinfo.sys
     \SystemRoot\system32\DRIVERS\MpFilter.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\msrpc.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\drivers\vmstorfl.sys
     \SystemRoot\system32\drivers\volsnap.sys
     \SystemRoot\System32\Drivers\spldr.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\hwpolicy.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\drivers\disk.sys
     \SystemRoot\system32\drivers\CLASSPNP.SYS
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\system32\drivers\rdpencdd.sys
     \SystemRoot\system32\drivers\rdprefmp.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\DRIVERS\wfplwf.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\serial.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\system32\drivers\csc.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\blbdrive.sys
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\system32\DRIVERS\igdkmd32.sys
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\system32\DRIVERS\HECI.sys
     \SystemRoot\system32\drivers\usbehci.sys
     \SystemRoot\system32\drivers\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\Rt86win7.sys
     \SystemRoot\system32\DRIVERS\serenum.sys
     \SystemRoot\system32\DRIVERS\parport.sys
     \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     \SystemRoot\system32\DRIVERS\intelppm.sys
     \SystemRoot\system32\DRIVERS\CompositeBus.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\DRIVERS\rdpbus.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\umbus.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\system32\drivers\RTKVHDA.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\system32\DRIVERS\udfs.sys
     \SystemRoot\system32\DRIVERS\usbccgp.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\kbdhid.sys
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\Drivers\dump_dumpata.sys
     \SystemRoot\System32\Drivers\dump_atapi.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\system32\DRIVERS\monitor.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\System32\ATMFD.DLL
     \SystemRoot\system32\drivers\luafv.sys
     \??\C:\Windows\system32\drivers\mbam.sys
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \SystemRoot\system32\DRIVERS\parvdm.sys
     \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \SystemRoot\System32\drivers\tcpipreg.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \SystemRoot\System32\drivers\rdpdr.sys
     \SystemRoot\system32\drivers\tdtcp.sys
     \SystemRoot\System32\DRIVERS\tssecsrv.sys
     \SystemRoot\System32\Drivers\RDPWD.SYS
     \SystemRoot\system32\DRIVERS\asyncmac.sys
     \??\C:\Users\brian\AppData\Local\Temp\mbr.sys
     \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{31B068FD-BBBB-4B61-8767-17CF33FC1EC2}\MpKslafae1bd2.sys
     \??\C:\Windows\system32\drivers\TrueSight.sys
     \SystemRoot\system32\DRIVERS\WSDPrint.sys
     \SystemRoot\system32\DRIVERS\WSDScan.sys
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\mbamswissarmy.sys
     \Windows\System32\ntdll.dll
     \Windows\System32\smss.exe
     \Windows\System32\apisetschema.dll
     \Windows\System32\autochk.exe
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff86935030
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
     Lower Device Object: 0xffffffff8643a908
     Lower Device Driver Name: \00002370\
     IRP handler 0 of \Driver\atapi points to an unknown module
     Unhooking enabled.
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff86935030
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
     Lower Device Object: 0xffffffff8643a908
     Lower Device Driver Name: \00002370\
     Driver name found: atapi
     Initialization returned 0x0
     Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
     Load Function returned 0x0
     <<<2>>>
     Device number: 0, partition: 2
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff86935030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff86935d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff86935030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff863e5788, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xffffffff8643a908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \00002370\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0xffffffffb9fcd4d0, 0xffffffff86935030, 0xffffffff88a17048
     Lower DeviceData: 0xffffffff89f30320, 0xffffffff8643a908, 0xffffffffc7ba6b78
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     MBR buffers are not equal
     MBR is forged! []
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: F8DC4F8C
     Partition information:
     Partition 0 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 2048 Numsec = 204800
     Partition file system is NTFS
     Partition is bootable
     Partition 1 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 206848 Numsec = 976564224
     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Replacement MBR for a drive 0 found
     MBR infection found on drive 0
     Disk Size: 500107862016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
     Done!
     Scan finished
     Creating System Restore point...
     Cleaning up...
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Removal scheduling successful. System shutdown needed.
     System shutdown occurred
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     © Malwarebytes Corporation 2011-2012

     OS version: 6.1.7601 Windows 7 Service Pack 1 x86

     Account is Administrative
     Internet Explorer version: 9.0.8112.16421
     Java version: 1.6.0_32
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED
     CPU speed: 3.292000 GHz
     Memory total: 3657666560, free: 2292305920

     Initializing...
     ------------ Kernel report ------------
     05/30/2013 09:41:13
     ------------ Loaded modules -----------
     \SystemRoot\system32\ntkrnlpa.exe
     \SystemRoot\system32\halmacpi.dll
     \SystemRoot\system32\kdcom.dll
     \SystemRoot\system32\mcupdate_GenuineIntel.dll
     \SystemRoot\system32\PSHED.dll
     \SystemRoot\system32\BOOTVID.dll
     \SystemRoot\system32\CLFS.SYS
     \SystemRoot\system32\CI.dll
     \SystemRoot\system32\drivers\Wdf01000.sys
     \SystemRoot\system32\drivers\WDFLDR.SYS
     \SystemRoot\system32\drivers\ACPI.sys
     \SystemRoot\system32\drivers\WMILIB.SYS
     \SystemRoot\system32\drivers\msisadrv.sys
     \SystemRoot\system32\drivers\pci.sys
     \SystemRoot\system32\drivers\vdrvroot.sys
     \SystemRoot\System32\drivers\partmgr.sys
     \SystemRoot\system32\drivers\volmgr.sys
     \SystemRoot\System32\drivers\volmgrx.sys
     \SystemRoot\system32\drivers\pciide.sys
     \SystemRoot\system32\drivers\PCIIDEX.SYS
     \SystemRoot\System32\drivers\mountmgr.sys
     \SystemRoot\system32\drivers\atapi.sys
     \SystemRoot\system32\drivers\ataport.SYS
     \SystemRoot\system32\drivers\amdxata.sys
     \SystemRoot\system32\drivers\fltmgr.sys
     \SystemRoot\system32\drivers\fileinfo.sys
     \SystemRoot\system32\DRIVERS\MpFilter.sys
     \SystemRoot\System32\Drivers\Ntfs.sys
     \SystemRoot\System32\Drivers\msrpc.sys
     \SystemRoot\System32\Drivers\ksecdd.sys
     \SystemRoot\System32\Drivers\cng.sys
     \SystemRoot\System32\drivers\pcw.sys
     \SystemRoot\System32\Drivers\Fs_Rec.sys
     \SystemRoot\system32\drivers\ndis.sys
     \SystemRoot\system32\drivers\NETIO.SYS
     \SystemRoot\System32\Drivers\ksecpkg.sys
     \SystemRoot\System32\drivers\tcpip.sys
     \SystemRoot\System32\drivers\fwpkclnt.sys
     \SystemRoot\system32\drivers\vmstorfl.sys
     \SystemRoot\system32\drivers\volsnap.sys
     \SystemRoot\System32\Drivers\spldr.sys
     \SystemRoot\System32\drivers\rdyboost.sys
     \SystemRoot\System32\Drivers\mup.sys
     \SystemRoot\System32\drivers\hwpolicy.sys
     \SystemRoot\System32\DRIVERS\fvevol.sys
     \SystemRoot\system32\drivers\disk.sys
     \SystemRoot\system32\drivers\CLASSPNP.SYS
     \SystemRoot\system32\DRIVERS\cdrom.sys
     \SystemRoot\System32\Drivers\Null.SYS
     \SystemRoot\System32\Drivers\Beep.SYS
     \SystemRoot\System32\drivers\vga.sys
     \SystemRoot\System32\drivers\VIDEOPRT.SYS
     \SystemRoot\System32\drivers\watchdog.sys
     \SystemRoot\System32\DRIVERS\RDPCDD.sys
     \SystemRoot\system32\drivers\rdpencdd.sys
     \SystemRoot\system32\drivers\rdprefmp.sys
     \SystemRoot\System32\Drivers\Msfs.SYS
     \SystemRoot\System32\Drivers\Npfs.SYS
     \SystemRoot\system32\DRIVERS\tdx.sys
     \SystemRoot\system32\DRIVERS\TDI.SYS
     \SystemRoot\system32\drivers\afd.sys
     \SystemRoot\System32\DRIVERS\netbt.sys
     \SystemRoot\system32\DRIVERS\wfplwf.sys
     \SystemRoot\system32\DRIVERS\pacer.sys
     \SystemRoot\system32\DRIVERS\netbios.sys
     \SystemRoot\system32\DRIVERS\serial.sys
     \SystemRoot\system32\DRIVERS\wanarp.sys
     \SystemRoot\system32\DRIVERS\termdd.sys
     \SystemRoot\system32\DRIVERS\rdbss.sys
     \SystemRoot\system32\drivers\nsiproxy.sys
     \SystemRoot\system32\DRIVERS\mssmbios.sys
     \SystemRoot\System32\drivers\discache.sys
     \SystemRoot\system32\drivers\csc.sys
     \SystemRoot\System32\Drivers\dfsc.sys
     \SystemRoot\system32\DRIVERS\blbdrive.sys
     \SystemRoot\system32\DRIVERS\tunnel.sys
     \SystemRoot\system32\DRIVERS\igdkmd32.sys
     \SystemRoot\System32\drivers\dxgkrnl.sys
     \SystemRoot\System32\drivers\dxgmms1.sys
     \SystemRoot\system32\DRIVERS\HECI.sys
     \SystemRoot\system32\drivers\usbehci.sys
     \SystemRoot\system32\drivers\USBPORT.SYS
     \SystemRoot\system32\DRIVERS\HDAudBus.sys
     \SystemRoot\system32\DRIVERS\Rt86win7.sys
     \SystemRoot\system32\DRIVERS\serenum.sys
     \SystemRoot\system32\DRIVERS\parport.sys
     \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
     \SystemRoot\system32\DRIVERS\intelppm.sys
     \SystemRoot\system32\DRIVERS\CompositeBus.sys
     \SystemRoot\system32\DRIVERS\AgileVpn.sys
     \SystemRoot\system32\DRIVERS\rasl2tp.sys
     \SystemRoot\system32\DRIVERS\ndistapi.sys
     \SystemRoot\system32\DRIVERS\ndiswan.sys
     \SystemRoot\system32\DRIVERS\raspppoe.sys
     \SystemRoot\system32\DRIVERS\raspptp.sys
     \SystemRoot\system32\DRIVERS\rassstp.sys
     \SystemRoot\system32\DRIVERS\rdpbus.sys
     \SystemRoot\system32\DRIVERS\kbdclass.sys
     \SystemRoot\system32\DRIVERS\mouclass.sys
     \SystemRoot\system32\DRIVERS\swenum.sys
     \SystemRoot\system32\DRIVERS\ks.sys
     \SystemRoot\system32\DRIVERS\umbus.sys
     \SystemRoot\system32\DRIVERS\usbhub.sys
     \SystemRoot\System32\Drivers\NDProxy.SYS
     \SystemRoot\system32\drivers\RTKVHDA.sys
     \SystemRoot\system32\drivers\portcls.sys
     \SystemRoot\system32\drivers\drmk.sys
     \SystemRoot\system32\DRIVERS\udfs.sys
     \SystemRoot\System32\win32k.sys
     \SystemRoot\System32\drivers\Dxapi.sys
     \SystemRoot\System32\Drivers\crashdmp.sys
     \SystemRoot\System32\Drivers\dump_dumpata.sys
     \SystemRoot\System32\Drivers\dump_atapi.sys
     \SystemRoot\System32\Drivers\dump_dumpfve.sys
     \SystemRoot\system32\DRIVERS\monitor.sys
     \SystemRoot\system32\DRIVERS\usbccgp.sys
     \SystemRoot\system32\DRIVERS\USBD.SYS
     \SystemRoot\system32\DRIVERS\hidusb.sys
     \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     \SystemRoot\system32\DRIVERS\kbdhid.sys
     \SystemRoot\System32\TSDDD.dll
     \SystemRoot\System32\cdd.dll
     \SystemRoot\system32\DRIVERS\mouhid.sys
     \SystemRoot\System32\ATMFD.DLL
     \SystemRoot\system32\drivers\luafv.sys
     \??\C:\Windows\system32\drivers\mbam.sys
     \SystemRoot\system32\drivers\WudfPf.sys
     \SystemRoot\system32\DRIVERS\lltdio.sys
     \SystemRoot\system32\DRIVERS\rspndr.sys
     \SystemRoot\system32\drivers\HTTP.sys
     \SystemRoot\system32\DRIVERS\bowser.sys
     \SystemRoot\System32\drivers\mpsdrv.sys
     \SystemRoot\system32\DRIVERS\mrxsmb.sys
     \SystemRoot\system32\DRIVERS\mrxsmb10.sys
     \SystemRoot\system32\DRIVERS\mrxsmb20.sys
     \SystemRoot\system32\DRIVERS\parvdm.sys
     \SystemRoot\system32\drivers\peauth.sys
     \SystemRoot\System32\Drivers\secdrv.SYS
     \SystemRoot\System32\DRIVERS\srvnet.sys
     \SystemRoot\System32\drivers\tcpipreg.sys
     \SystemRoot\System32\DRIVERS\srv2.sys
     \SystemRoot\System32\DRIVERS\srv.sys
     \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
     \SystemRoot\System32\drivers\rdpdr.sys
     \SystemRoot\system32\drivers\tdtcp.sys
     \SystemRoot\System32\DRIVERS\tssecsrv.sys
     \SystemRoot\System32\Drivers\RDPWD.SYS
     \SystemRoot\system32\DRIVERS\WSDPrint.sys
     \SystemRoot\system32\DRIVERS\WSDScan.sys
     \SystemRoot\system32\DRIVERS\asyncmac.sys
     \??\C:\Windows\system32\drivers\mbamchameleon.sys
     \??\C:\Windows\system32\drivers\mbamswissarmy.sys
     \Windows\System32\ntdll.dll
     \Windows\System32\smss.exe
     \Windows\System32\apisetschema.dll
     \Windows\System32\autochk.exe
     \Windows\System32\msvcrt.dll
     \Windows\System32\ole32.dll
     \Windows\System32\ws2_32.dll
     \Windows\System32\iertutil.dll
     \Windows\System32\urlmon.dll
     ----------- End -----------
     Done!
     <<<1>>>
     Upper Device Name: \Device\Harddisk0\DR0
     Upper Device Object: 0xffffffff865397c8
     Upper Device Driver Name: \Driver\Disk\
     Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
     Lower Device Object: 0xffffffff8603a908
     Lower Device Driver Name: \Driver\atapi\
     <<<2>>>
     Device number: 0, partition: 2
     Physical Sector Size: 512
     Drive: 0, DevicePointer: 0xffffffff865397c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     --------- Disk Stack ------
     DevicePointer: 0xffffffff865394a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
     DevicePointer: 0xffffffff865397c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     DevicePointer: 0xffffffff86087930, DeviceName: Unknown, DriverName: \Driver\ACPI\
     DevicePointer: 0xffffffff8603a908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
     ------------ End ----------
     Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
     Upper DeviceData: 0x0, 0x0, 0x0
     Lower DeviceData: 0x0, 0x0, 0x0
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Scanning drivers directory: C:\Windows\system32\drivers...
     <<<2>>>
     Device number: 0, partition: 2
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Done!
     Drive 0
     Scanning MBR on drive 0...
     Inspecting partition table:
     MBR Signature: 55AA
     Disk Signature: F8DC4F8C
     Partition information:
     Partition 0 type is Primary (0x7)
     Partition is ACTIVE.
     Partition starts at LBA: 2048 Numsec = 204800
     Partition file system is NTFS
     Partition is bootable
     Partition 1 type is Primary (0x7)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 206848 Numsec = 976564224
     Partition 2 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Partition 3 type is Empty (0x0)
     Partition is NOT ACTIVE.
     Partition starts at LBA: 0 Numsec = 0
     Disk Size: 500107862016 bytes
     Sector size: 512 bytes
     Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
     Done!
     Scan finished
     =======================================
     Removal queue found; removal started
     Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
     Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
     Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
     Removal finished
  9. Malwarebytes Anti-Rootkit BETA 1.06.0.1003
     www.malwarebytes.org
     Database version: v2013.05.30.04
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Brian :: BRIAN0312 [administrator]
     5/30/2013 9:41:17 AM
     mbar-log-2013-05-30 (09-41-17).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
     Scan options disabled: Deep Anti-Rootkit Scan | PUP
     Objects scanned: 307675
     Time elapsed: 12 minute(s),
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
  10. There is a bunch of new files found that say SOFTWARE\Microsoft\Windows\... in red?
  11. I just ran Rogue Killer again and got this - I'm not sure which ones to check and delete?
     RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Brian [Admin rights]
     Mode : Scan -- Date : 05/30/2013 08:34:17
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 1 ¤¤¤
     [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 15 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKLM\[...]\Run : TimeServer ("C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia\WINDBE3.exe") [-] -> FOUND
     [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : cixitec (rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll",cixitec) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-839522115-861567501-1801674531-1107[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : cixitec (rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll",cixitec) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
  12. Sorry here it is...
     RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Brian [Admin rights]
     Mode : Scan -- Date : 05/29/2013 14:24:56
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 3 ¤¤¤
     [DLL] explorer.exe -- C:\Windows\explorer.exe : C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll [x] -> UNLOADED
     [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll [x] -> KILLED [TermProc]
     [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]

     ¤¤¤ Registry Entries : 15 ¤¤¤
     [RUN][SUSP PATH] HKCU\[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKLM\[...]\Run : TimeServer ("C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia\WINDBE3.exe") [-] -> FOUND
     [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : cixitec (rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll",cixitec) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-21-839522115-861567501-1801674531-1107[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : cixitec (rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll",cixitec) [-] -> FOUND
     [RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : {57CFE720-29F3-416C-9F43-EEBE892A0677} (rundll32 "C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll",DllRegisterServer) [-] -> FOUND
     [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
     --- User ---
     [MBR] 6c5611fcf0789594217c56a17e70976e
     [BSP] 005c715f5ce46766741df02f1b00bda3 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
     User = LL1 ... OK!
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] 8c9dfc4406ba0fb87a569681f57e4c94
     [BSP] f8d39322194d6cb55d3612a553615d3e : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

     Finished : << RKreport[1]_S_05292013_02d1424.txt >>
     RKreport[1]_S_05292013_02d1424.txt
  13. Time : 29/05/2013 14:24:46
     --------------------------
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [WINDBE3.exe.vir] -> C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\WINDBE3.exe
     [cixitec.dll.vir] -> C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
     [cixitec.dll.vir] -> C:\Windows\system32\config\systemprofile\AppData\Local\cixitec.dll
     [wzxebrzg.dll.vir] -> C:\Users\brian\AppData\Local\RNDDock\{57CFE720-29F3-416C-9F43-EEBE892A0677}\wzxebrzg.dll
  14. Per the instructions I am posting my files here for review:
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16483
     Run by Brian at 11:56:03 on 2013-05-29
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3488.2154 [GMT -5:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Windows\system32\Dwm.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Microsoft SQL Server\MSSQL$JJKA_KDS\Binn\sqlservr.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\Microsoft\BingBar\SeaPort.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\Program Files\Microsoft Security Client\NisSrv.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Windows\System32\mobsync.exe
     C:\Program Files\Rand McNally\RNDDock\RNDDock.exe
     C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
     C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\vssvc.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Windows\system32\NOTEPAD.EXE
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\System32\svchost.exe -k swprv
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.google.com/
     uSearch Bar = hxxp://www.google.com/ie
     uSearch Page = hxxp://www.google.com
     uDefault_Search_URL = hxxp://www.google.com/ie
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
     BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
     TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
     TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
     uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
     uRun: [{57CFE720-29F3-416C-9F43-EEBE892A0677}] rundll32 "c:\users\brian\appdata\local\rnddock\{57cfe720-29f3-416c-9f43-eebe892a0677}\wzxebrzg.dll",DllRegisterServer
     mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
     mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
     mRun: [TimeServer] "c:\windows\system32\config\systemprofile\appdata\roaming\macromedia\WINDBE3.exe"
     dRun: [cixitec] rundll32 "c:\windows\system32\config\systemprofile\appdata\local\cixitec.dll",cixitec
     dRun: [{57CFE720-29F3-416C-9F43-EEBE892A0677}] rundll32 "c:\users\brian\appdata\local\rnddock\{57cfe720-29f3-416c-9f43-eebe892a0677}\wzxebrzg.dll",DllRegisterServer
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\randmc~1.lnk - c:\program files\rand mcnally\rnddock\StartupLauncher.bat
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     mPolicies-System: PromptOnSecureDesktop = dword:0
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
     IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
     .
     INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
     .
     .
     INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
     .
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
     DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://72.236.138.36/activex/AMC.cab
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{B5D078A4-C4D7-40BC-8D3A-08671177B757} : DHCPNameServer = 192.168.1.1
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
     Notify: cixitec - c:\windows\system32\config\systemprofile\appdata\local\cixitec.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WebCheck - <orphaned>
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
     R1 MpKslafae1bd2;MpKslafae1bd2;c:\programdata\microsoft\microsoft antimalware\definition updates\{31b068fd-bbbb-4b61-8767-17cf33fc1ec2}\MpKslafae1bd2.sys [2013-5-29 29904]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-29 418376]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-29 701512]
     R2 MSSQL$JJKA_KDS;MSSQL$JJKA_KDS;c:\program files\microsoft sql server\mssql$jjka_kds\binn\sqlservr.exe -sjjka_kds --> c:\program files\microsoft sql server\mssql$jjka_kds\binn\sqlservr.exe -sJJKA_KDS [?]
     R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
     R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-3-12 2655768]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-29 22856]
     R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
     R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-12 414824]
     S1 tcbfjxmt;tcbfjxmt;c:\windows\system32\drivers\tcbfjxmt.sys [2013-5-29 43600]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
     S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
     S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-30 39272]
     S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
     S3 SQLAgent$JJKA_KDS;SQLAgent$JJKA_KDS;c:\program files\microsoft sql server\mssql$jjka_kds\binn\sqlagent.exe -i jjka_kds --> c:\program files\microsoft sql server\mssql$jjka_kds\binn\sqlagent.EXE -i JJKA_KDS [?]
     S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
     S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
     S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-12 1343400]
     S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
     S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
     .
     =============== Created Last 30 ================
     .
     2013-05-29 16:54:41 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31b068fd-bbbb-4b61-8767-17cf33fc1ec2}\MpKslafae1bd2.sys
     2013-05-29 16:10:16 43600 ----a-w- c:\windows\system32\drivers\tcbfjxmt.sys
     2013-05-29 16:10:00 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31b068fd-bbbb-4b61-8767-17cf33fc1ec2}\offreg.dll
     2013-05-29 15:46:50 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{31b068fd-bbbb-4b61-8767-17cf33fc1ec2}\mpengine.dll
     2013-05-29 13:35:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-05-29 13:35:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-05-29 13:19:19 -------- d-----w- c:\users\brian\appdata\local\{A93BBF19-0762-44C0-BFDF-41E761F93126}
     2013-05-28 21:55:53 7016152 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
     2013-05-28 20:58:04 -------- d-----w- c:\windows\ERUNT
     2013-05-28 20:58:00 -------- d-----w- C:\JRT
     2013-05-28 19:56:04 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes
     2013-05-28 19:55:59 -------- d-----w- c:\programdata\Malwarebytes
     2013-05-28 19:55:46 -------- d-----w- c:\users\brian\appdata\local\Programs
     2013-05-28 18:55:52 -------- d-----w- c:\users\brian\appdata\roaming\Hiyncu
     2013-05-25 14:09:39 -------- d-----w- c:\program files\GridinSoft Trojan Killer
     2013-05-23 14:45:43 -------- d-----w- c:\users\brian\appdata\roaming\webex
     2013-05-22 13:53:04 -------- d-----w- c:\users\brian\appdata\local\Citrix
     2013-05-21 07:39:32 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a55e483-5015-45ca-bfd8-406b421346c7}\gapaengine.dll
     2013-05-16 08:03:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-05-15 12:07:01 2347520 ----a-w- c:\windows\system32\win32k.sys
     2013-05-15 12:07:00 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
     2013-05-15 12:07:00 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
     2013-05-15 12:06:57 47104 ----a-w- c:\windows\system32\appinfo.dll
     2013-05-15 12:06:57 1796096 ----a-w- c:\windows\system32\authui.dll
     2013-05-15 12:06:57 101720 ----a-w- c:\windows\system32\consent.exe
     2013-05-02 16:42:01 -------- d-----w- c:\programdata\WebEx
     .
     ==================== Find3M ====================
     .
     2013-05-14 21:11:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-05-14 21:11:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-05-02 07:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
     2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
     2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
     2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
     2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
     2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
     2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
     2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
     2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
     2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
     .
     ============= FINISH: 11:56:10.78 ===============
  15. I am having a good deal of trouble. I downloaded malwarebytes and I am now getting a pop-up: successfully blocked access to a potentially malicious website 46.249.61.94 - the last 2 digits change frequently. Type: Outgoing