Jump to content

Elei

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. All done! Thank you very much, good friend! I really can't thank you enough for helping me out You are a gentleman and a scholar!
  2. It seems to be all good, there are no more alerts coming up from AVG and my pc doesn't randomly restart a few minutes after I turn it on, which is helpful haha
  3. Alright, that's all done. Is there anything else that I need to take care of?
  4. Hey Maniac, Here is the ESET Scan text file - C:\Program Files (x86)\Liquid Entertainment\Battle Realms\PatchFX.exe a variant of Win32/HackTool.Patcher.AK application cleaned by deleting - quarantined C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6b0c8aaf-7e76d37e Java/Exploit.Agent.NUY trojan cleaned by deleting - quarantined C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\705d3dbe-7bcbfaf9 multiple threats cleaned by deleting - quarantined
  5. G'day Maniac, Here is the ComboFix.txt log ComboFix 13-06-30.01 - Daniel 02/07/2013 0:54.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8189.6085 [GMT 9.5:30] Running from: c:\users\Daniel\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Daniel\AppData\Local\assembly\tmp c:\users\Daniel\AppData\Roaming\.# c:\users\Daniel\OggLengthPatch.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . . ((((((((((((((((((((((((( Files Created from 2013-06-01 to 2013-07-01 ))))))))))))))))))))))))))))))) . . 2013-07-01 15:32 . 2013-07-01 15:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-01 15:32 . 2013-07-01 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-01 03:43 . 2013-07-01 03:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes 2013-07-01 03:43 . 2013-07-01 03:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-01 03:43 . 2013-07-01 03:43 -------- d-----w- c:\programdata\Malwarebytes 2013-07-01 03:43 . 2013-04-04 05:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-01 03:43 . 2013-07-01 03:43 -------- d-----w- c:\users\Daniel\AppData\Local\Programs 2013-06-21 11:29 . 2013-06-21 11:29 -------- d-----w- C:\found.000 2013-06-17 06:28 . 2013-06-17 06:28 -------- d-----w- C:\Riot Games 2013-06-17 05:27 . 2013-06-17 05:27 -------- d--h--w- c:\programdata\CanonBJ 2013-06-17 05:27 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL 2013-06-12 07:53 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-06-12 07:49 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-10 13:05 . 2013-06-10 13:05 -------- d-----w- c:\program files\iPod 2013-06-10 13:05 . 2013-06-10 13:05 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-10 13:05 . 2013-06-10 13:05 -------- d-----w- c:\program files\iTunes 2013-06-10 13:05 . 2013-06-10 13:05 -------- d-----w- c:\program files (x86)\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-17 05:12 . 2012-04-10 13:24 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-17 05:12 . 2011-05-17 02:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 07:54 . 2010-05-12 05:44 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-10 14:44 . 2010-06-24 01:03 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-30 18:29 . 2013-04-30 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-04-30 18:29 . 2013-04-30 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-13 05:49 . 2013-05-16 17:01 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 17:01 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 17:01 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 17:01 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 17:01 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 17:01 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 08:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-16 17:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-16 17:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-16 17:01 3153920 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896] "Facebook Update"="c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\gpotato\LunaPlus\GameGuard\dump_wmimmc.sys;c:\gpotato\LunaPlus\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys;c:\program files (x86)\Garena\safedrv.sys [x] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va001;X6va001;c:\users\Daniel\AppData\Local\Temp\0011F18.tmp;c:\users\Daniel\AppData\Local\Temp\0011F18.tmp [x] R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-21 12:45 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:12] . 2013-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1322259289-533710869-2981285128-1000Core.job - c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 17:28] . 2013-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1322259289-533710869-2981285128-1000UA.job - c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-18 17:28] . 2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 14:24] . 2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 14:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\l3kgibdz.default\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe Wow6432Node-HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe SafeBoot-59153671.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-DFO - c:\program files (x86)\Steam\steamapps\common\DFO\dfolauncher.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-ReturnFire - c:\program files (x86)\Return Fire\UnInst.exe AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\users\Daniel\AppData\Local\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001] "ImagePath"="\??\c:\users\Daniel\AppData\Local\Temp\0011F18.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1322259289-533710869-2981285128-1000\Software\SecuROM\License information*] "datasecu"=hex:02,a2,41,22,63,5d,64,6b,93,14,6e,dd,b1,3a,4e,9f,bb,f3,4a,aa,3f, 79,6d,0a,e0,64,22,5c,b7,45,f7,e2,80,d2,bb,5a,c2,51,3b,62,f0,4a,b1,e0,62,05,\ "rkeysecu"=hex:79,6b,45,d1,4d,29,98,77,c7,bc,1b,78,69,2f,02,4a . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe . ************************************************************************** . Completion time: 2013-07-02 01:11:02 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-01 15:41 . Pre-Run: 451,307,749,376 bytes free Post-Run: 462,824,386,560 bytes free . - - End Of File - - 90721ECE7D3680800832AD5B2BC7EA24 A36C5E4F47E84449FF07ED3517B43A31
  6. G'day Maniac, thanks for taking the time to help me out, I really appreciate it I've followed the steps that you outlined and here are the logs you requested - (As a side note, I've tried to post my TDSSKiller Log multiple times but it just hangs indefinitely, so I've needed to attach it instead, if that's alright) Malwarebytes' Anti-Malware Log Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.01.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Daniel :: DANIEL-PC [administrator] 1/07/2013 11:32:57 PM mbam-log-2013-07-01 (23-32-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 248673 Time elapsed: 5 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) DDS Log DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 1.6.0_37 Run by Daniel at 23:40:55 on 2013-07-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8189.6105 [GMT 9.5:30] . AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\taskeng.exe C:\Windows\notepad.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [PlayNC Launcher] <no file> mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: NameServer = 192.168.0.1 TCP: Interfaces\{87B613F3-A2B2-4BC5-A77E-42471A3DA45E} : DHCPNameServer = 198.142.0.51 61.88.88.88 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158}\4435C4D22373330324 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158}\77962756C6563737 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158}\77C616E6D21607 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158}\8456E6E656373797F544F4F5E4F445F5553554 : DHCPNameServer = 139.130.4.4 TCP: Interfaces\{8D842EDC-AC1E-4769-8113-0A6EA88DA158}\F40545553514549323535423 : DHCPNameServer = 10.1.1.1 TCP: Interfaces\{AD742DBF-619B-4D01-8FB2-B8F042A66F23} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{E800F988-F63F-410A-9674-543E9A25A9AA} : DHCPNameServer = 198.142.0.51 61.88.88.88 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\l3kgibdz.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Daniel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Windows\Downloaded Program Files\npsoe.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-28 8704] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-5-25 14112] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-12-27 35840] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-11-13 25832] S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032] S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-9-7 117520] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-13 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-13 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-12 1255736] S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?] . =============== Created Last 30 ================ . 2013-07-01 03:43:54 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes 2013-07-01 03:43:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-07-01 03:43:44 -------- d-----w- C:\ProgramData\Malwarebytes 2013-07-01 03:43:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-01 03:43:32 -------- d-----w- C:\Users\Daniel\AppData\Local\Programs 2013-06-21 11:29:29 -------- d-sh--w- C:\found.000 2013-06-17 06:28:37 -------- d-----w- C:\Riot Games 2013-06-17 05:27:02 84992 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNBPP4.DLL 2013-06-12 07:53:59 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-06-12 07:49:40 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-10 13:05:04 -------- d-----w- C:\Program Files\iPod 2013-06-10 13:05:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-10 13:05:03 -------- d-----w- C:\Program Files\iTunes 2013-06-10 13:05:03 -------- d-----w- C:\Program Files (x86)\iTunes . ==================== Find3M ==================== . 2013-06-17 05:12:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-17 05:12:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-04-30 18:29:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-04-30 18:29:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 23:41:36.42 =============== TDSSKiller Log.txt
  7. Good afternoon guys, It seems I've been hit by AJGE and I'm unsure how to rectify the situation. I've scanned using my own antivirus (AVG) and Malwarebytes, and neither have detected anything, so I've come onto your forums in search of answers, if you would be so kind as to provide them I have read the pinned post and done both dds and attach scans and will attach the .txt files to this post. Any help would be greatly appreciated! Thank you dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.