Jump to content

asr878

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. asr878
    I have installed Malwarebytes Anti-Exploit 0.09.5.0250 today & it is blocking some of my programs. Here is my log. mbae-default.log
  2. asr878

    Thanks MrC, all clear after your expert help.

  3. asr878
    Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Adobe Reader XI Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. asr878
    # AdwCleaner v3.000 - Report created 23/08/2013 at 02:40:08 # Updated 20/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits) # Username : Andy - KINGERIC # Running from : C:\Users\Andy\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found C:\Users\Syl\AppData\LocalLow\Conduit ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Google Chrome v28.0.1500.95 [ File : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [671 octets] - [23/08/2013 02:40:08] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [730 octets] ##########
  5. asr878
    ComboFix 13-08-22.01 - Andy 23/08/2013 1:49.4.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1919.892 [GMT 1:00] Running from: c:\users\Andy\Desktop\ComboFix.exe Command switches used :: c:\users\Andy\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\System32\drivers\dbruke.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_gotixvt . . ((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 ))))))))))))))))))))))))))))))) . . 2013-08-23 00:59 . 2013-08-23 00:59 -------- d-----w- c:\users\Syl\AppData\Local\temp 2013-08-23 00:59 . 2013-08-23 00:59 -------- d-----w- c:\users\Shaun\AppData\Local\temp 2013-08-23 00:59 . 2013-08-23 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-23 00:01 . 2013-08-23 01:07 -------- d-----w- c:\users\Andy\AppData\Local\temp 2013-08-22 17:07 . 2013-08-22 17:07 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-08-21 23:11 . 2013-08-21 23:11 -------- d-----w- c:\windows\ERUNT 2013-08-14 18:51 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 18:51 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 18:51 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 18:51 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 18:50 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 18:50 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 18:50 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 18:50 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 18:50 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 18:50 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 18:50 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 18:50 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-07-27 21:54 . 2013-08-21 15:46 -------- d-----w- c:\users\Andy\AppData\Local\DoNotTrackPlus 2013-07-27 13:23 . 2013-07-27 13:23 -------- d-----w- c:\program files\DoNotTrackPlus 2013-07-26 23:58 . 2013-07-26 23:58 -------- d-sh--w- C:\$$PendingFiles . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-07 13:35 . 2012-04-02 14:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-08-07 13:35 . 2011-05-15 13:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-05 03:05 . 2013-07-09 22:45 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 04:53 . 2013-07-09 22:45 509440 ----a-w- c:\windows\system32\qedit.dll 2013-05-31 14:53 . 2011-08-22 00:08 209016 ----a-w- c:\windows\system32\drivers\keyscrambler.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Andy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-11-12 294912] NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-1-15 4559840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher 2.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher 2.lnk backup=c:\windows\pss\Exif Launcher 2.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler] 2013-07-14 04:25 508048 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536] R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-09 13224] R3 gUSBSTOi;gUSBSTOi;c:\users\Andy\AppData\Local\Temp\gUSBSTOi.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-08-22 31560] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1343400] R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704] R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704] R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704] R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704] R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 167784] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2011-04-19 1092160] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-05-31 209016] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 19:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:35] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 18:30] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 18:30] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = localhost;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2875714226-2004656313-3746281624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2875714226-2004656313-3746281624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*] "value"="?\0c\05\02\0e \11É" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3932) c:\program files\McAfee\SiteAdvisor\saHook.dll c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\System32\bgsvcgen.exe c:\windows\system32\rundll32.exe c:\windows\system32\ScsiAccess.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Common Files\McAfee\SystemCore\mfefire.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\progra~1\mcafee.com\agent\mcagent.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2013-08-23 02:11:11 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-23 01:11 ComboFix2.txt 2013-08-23 00:01 . Pre-Run: 242,100,936,704 bytes free Post-Run: 241,621,880,832 bytes free . - - End Of File - - 1747DDD51F0243CE18F0B05A9219F4E5 A36C5E4F47E84449FF07ED3517B43A31
  6. asr878
    ComboFix 13-08-22.01 - Andy 23/08/2013 0:47.3.1 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1919.1197 [GMT 1:00] Running from: c:\users\Andy\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\PFRO.log . . ((((((((((((((((((((((((( Files Created from 2013-07-22 to 2013-08-22 ))))))))))))))))))))))))))))))) . . 2013-08-22 21:11 . 2013-08-22 22:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-22 17:07 . 2013-08-22 17:07 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-08-21 23:11 . 2013-08-21 23:11 -------- d-----w- c:\windows\ERUNT 2013-08-14 18:51 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 18:51 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 18:51 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 18:51 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 18:50 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 18:50 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 18:50 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 18:50 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 18:50 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 18:50 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 18:50 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 18:50 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-07-27 21:54 . 2013-08-21 15:46 -------- d-----w- c:\users\Andy\AppData\Local\DoNotTrackPlus 2013-07-27 13:23 . 2013-07-27 13:23 -------- d-----w- c:\program files\DoNotTrackPlus 2013-07-26 23:58 . 2013-07-26 23:58 -------- d-sh--w- C:\$$PendingFiles . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-07 13:35 . 2012-04-02 14:50 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-08-07 13:35 . 2011-05-15 13:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-05 03:05 . 2013-07-09 22:45 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 04:53 . 2013-07-09 22:45 509440 ----a-w- c:\windows\system32\qedit.dll 2013-05-31 14:53 . 2011-08-22 00:08 209016 ----a-w- c:\windows\system32\drivers\keyscrambler.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Andy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1278064] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-11-12 294912] NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-1-15 4559840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher 2.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher 2.lnk backup=c:\windows\pss\Exif Launcher 2.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyScrambler] 2013-07-14 04:25 508048 ----a-w- c:\program files\KeyScrambler\KeyScrambler.exe . R0 gotixvt;gotixvt;c:\windows\System32\drivers\dbruke.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536] R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-06-09 13224] R3 gUSBSTOi;gUSBSTOi;c:\users\Andy\AppData\Local\Temp\gUSBSTOi.sys [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-08-22 31560] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 92632] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-13 1343400] R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704] R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704] R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704] R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704] R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 210608] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 167784] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 169320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 172416] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2011-04-19 1092160] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 60920] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 146872] S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-05-31 209016] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 363080] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 19:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:35] . 2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 18:30] . 2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-14 18:30] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = localhost;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2875714226-2004656313-3746281624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2875714226-2004656313-3746281624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*] "value"="?\0c\05\02\0e \11É" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-23 01:01:42 ComboFix-quarantined-files.txt 2013-08-23 00:01 . Pre-Run: 242,824,683,520 bytes free Post-Run: 242,422,992,896 bytes free . - - End Of File - - 73849653B1C6A40ACC2F87DBA8548F1B A36C5E4F47E84449FF07ED3517B43A31
  7. asr878
    RogueKiller V8.6.6 [Aug 19 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Andy [Admin rights] Mode : Scan -- Date : 08/22/2013 23:52:53 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\?��?��?��\?��?��?��\???ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" >) -> FOUND [RUN][ZeroAccess] HKUS\S-1-5-21-2875714226-2004656313-3746281624-1000\[...]\Run : Google Update ("C:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\?��?��?��\?��?��?��\???ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" >) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 ATA Device +++++ --- User --- [MBR] 675329d7ddc2fa498f3d904d0469e426 [bSP] 53a89e206afd0252b1ccc1010e599632 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 299743 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08222013_235253.txt >> RKreport[0]_S_08222013_203339.txt;RKreport[0]_S_08222013_215738.txt
  8. asr878
    Malwarebytes Anti-Rootkit BETA 1.06.1.1005 www.malwarebytes.org Database version: v2013.08.22.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16660 Andy :: KINGERIC [administrator] 22/08/2013 23:05:03 mbar-log-2013-08-22 (23-05-03).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 269801 Time elapsed: 12 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update (Trojan.Zaccess) -> Data: -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.700000 GHz Memory total: 2012405760, free: 792567808 Downloaded database version: v2013.08.22.06 Initializing... ------------ Kernel report ------------ 08/22/2013 18:08:18 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\DRIVERS\scmndisp.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\System32\drivers\keyscrambler.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\RMCAST.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\system32\drivers\HipShieldK.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\bcmwlhigh6.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\gdi32.dll \Windows\System32\kernel32.dll \Windows\System32\difxapi.dll \Windows\System32\msctf.dll \Windows\System32\setupapi.dll \Windows\System32\oleaut32.dll \Windows\System32\nsi.dll \Windows\System32\clbcatq.dll \Windows\System32\imm32.dll \Windows\System32\shlwapi.dll \Windows\System32\imagehlp.dll \Windows\System32\psapi.dll \Windows\System32\comdlg32.dll \Windows\System32\urlmon.dll \Windows\System32\sechost.dll \Windows\System32\ole32.dll \Windows\System32\shell32.dll \Windows\System32\rpcrt4.dll \Windows\System32\usp10.dll \Windows\System32\lpk.dll \Windows\System32\normaliz.dll \Windows\System32\advapi32.dll \Windows\System32\iertutil.dll \Windows\System32\msvcrt.dll \Windows\System32\Wldap32.dll \Windows\System32\user32.dll \Windows\System32\wininet.dll \Windows\System32\ws2_32.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff87457540 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xffffffff8732c4f8 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff87457540 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xffffffff8732c4f8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xffffffff87456370 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000079\ Lower Device Object: 0xffffffff8738f030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xffffffff87456ac8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000078\ Lower Device Object: 0xffffffff87334868 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff874549d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000077\ Lower Device Object: 0xffffffff8732d8d0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8635a030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\ Lower Device Object: 0xffffffff8635a908 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8635a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff863673b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8635a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8633e910, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8635a908, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffff9ef48a08, 0xffffffff8635a030, 0xffffffffd066aac8 Lower DeviceData: 0xffffffffb8bb3e90, 0xffffffff8635a908, 0xffffffff85c0add0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1D751B21 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 11264000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 11266048 Numsec = 613873664 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff874549d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff874546b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff874549d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8732d8d0, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff87456ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8732bd10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87456ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff87334868, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffffff87456370, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87457020, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87456370, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8738f030, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffffff87457540, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87457d10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87457540, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8732c4f8, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update --> [Trojan.Zaccess] Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\‮etadpug --> [Trojan.Zaccess] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙ --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac} --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\@ --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\L --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\U --> [Trojan.0Access] Infected: c:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac} --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \... --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛ --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac} --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\@ --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\l --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\l\00000004.@ --> [Trojan.0Access] Infected: c:\program files\google\desktop\install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\‮ﯹ๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\u --> [Trojan.0Access] Infected: c:\Program Files\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac} --> [Trojan.0Access] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.700000 GHz Memory total: 2012405760, free: 1103814656 Downloaded database version: v2013.08.22.07 Downloaded database version: v2013.08.22.08 Downloaded database version: v2013.08.22.09 Initializing... ------------ Kernel report ------------ 08/22/2013 22:11:52 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\DRIVERS\scmndisp.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\System32\drivers\keyscrambler.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\bcmwlhigh6.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\RMCAST.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\system32\drivers\HipShieldK.sys \SystemRoot\system32\drivers\mfeapfk.sys \??\C:\Users\Andy\AppData\Local\Temp\mbr.sys \??\C:\Windows\system32\TrueSight.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\urlmon.dll \Windows\System32\nsi.dll \Windows\System32\clbcatq.dll \Windows\System32\shlwapi.dll \Windows\System32\gdi32.dll \Windows\System32\msctf.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\imm32.dll \Windows\System32\oleaut32.dll \Windows\System32\user32.dll \Windows\System32\comdlg32.dll \Windows\System32\wininet.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\usp10.dll \Windows\System32\rpcrt4.dll \Windows\System32\ws2_32.dll \Windows\System32\Wldap32.dll \Windows\System32\iertutil.dll \Windows\System32\sechost.dll \Windows\System32\ole32.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\msvcrt.dll \Windows\System32\setupapi.dll \Windows\System32\kernel32.dll \Windows\System32\shell32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff876a1608 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xffffffff8734f630 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff876a1608 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xffffffff8734f630 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xffffffff876a1030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000079\ Lower Device Object: 0xffffffff876a73b0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xffffffff87706ac8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000078\ Lower Device Object: 0xffffffff876a5970 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff87706030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000077\ Lower Device Object: 0xffffffff8769e030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8675a2a8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\ Lower Device Object: 0xffffffff8675a908 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8675a2a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86789960, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8675a2a8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff867475a8, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8675a908, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffffa5c23af8, 0xffffffff8675a2a8, 0xffffffff85fde4a0 Lower DeviceData: 0xffffffffab21b828, 0xffffffff8675a908, 0xffffffff85d7bc98 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1D751B21 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 11264000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 11266048 Numsec = 613873664 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff87706030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8769f470, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87706030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8769e030, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff87706ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff877067a8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87706ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff876a5970, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffffff876a1030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff876a67c8, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff876a1030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff876a73b0, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffffff876a1608, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff876a3020, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff876a1608, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8734f630, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update --> [Trojan.Zaccess] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.700000 GHz Memory total: 2012405760, free: 1343418368 Initializing... ------------ Kernel report ------------ 08/22/2013 23:04:57 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\halmacpi.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\mfewfpk.sys \SystemRoot\system32\DRIVERS\scmndisp.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\Rt86win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\System32\drivers\keyscrambler.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHDA.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\mfeavfk.sys \SystemRoot\system32\drivers\mfefirek.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\bcmwlhigh6.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\RMCAST.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\parvdm.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\cfwids.sys \SystemRoot\system32\drivers\HipShieldK.sys \SystemRoot\system32\drivers\mfeapfk.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\iertutil.dll \Windows\System32\urlmon.dll \Windows\System32\sechost.dll \Windows\System32\advapi32.dll \Windows\System32\ole32.dll \Windows\System32\comdlg32.dll \Windows\System32\user32.dll \Windows\System32\oleaut32.dll \Windows\System32\Wldap32.dll \Windows\System32\msvcrt.dll \Windows\System32\shlwapi.dll \Windows\System32\clbcatq.dll \Windows\System32\shell32.dll \Windows\System32\setupapi.dll \Windows\System32\nsi.dll \Windows\System32\ws2_32.dll \Windows\System32\wininet.dll \Windows\System32\imagehlp.dll \Windows\System32\imm32.dll \Windows\System32\difxapi.dll \Windows\System32\psapi.dll \Windows\System32\lpk.dll \Windows\System32\rpcrt4.dll \Windows\System32\kernel32.dll \Windows\System32\gdi32.dll \Windows\System32\msctf.dll \Windows\System32\usp10.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff87664030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007c\ Lower Device Object: 0xffffffff87662030 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xffffffff87664030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007c\ Lower Device Object: 0xffffffff87662030 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xffffffff876597b8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007b\ Lower Device Object: 0xffffffff87662ca8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xffffffff87663030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xffffffff8765a208 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff87662420 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000079\ Lower Device Object: 0xffffffff8765aca8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86755030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\ Lower Device Object: 0xffffffff8675b030 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86755030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff86755d10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff86755030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86756408, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8675b030, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xffffffffa7265170, 0xffffffff86755030, 0xffffffff85f3f4a8 Lower DeviceData: 0xffffffffa6fb7ee0, 0xffffffff8675b030, 0xffffffff85ec3910 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1D751B21 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 11264000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 11266048 Numsec = 613873664 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xffffffff87662420, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87659d10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87662420, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8765aca8, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffffff87663030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87663d10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87663030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8765a208, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffffff876597b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff87663a00, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff876597b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff87662ca8, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffffff87664030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff876636f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff87664030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff87662030, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update --> [Trojan.Zaccess] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished
  9. asr878
    DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16660 Run by Andy at 20:21:58 on 2013-08-22 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1919.952 [GMT 1:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\bgsvcgen.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\ScsiAccess.EXE C:\Windows\system32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Users\Andy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\FinePixViewer\QuickDCF2.exe C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe C:\Users\Andy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\Explorer.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\KeyScrambler\KeyScrambler.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k Akamai C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . uProxyOverride = localhost;<local> uURLSearchHooks: {10853dc2-7a27-4e4f-a444-1518b76ab2ec} - <orphaned> BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20130822005011.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Akamai NetSession Interface] "c:\users\andy\appdata\local\akamai\netsession_win.exe" uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 192.168.0.1 TCP: Interfaces\{37870FA6-39B9-4CAE-B80B-C64E84BCCD43} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{47E4EFF3-EF51-4F0F-A411-11AA5B40B090} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5C463B69-8CD1-44A2-81CA-9C98AB3FC0A9} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{75EDAA3F-E551-4777-89F2-D5F35CB52FF8} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{99ADED97-69C8-4E34-83DA-5DC8E8809063} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{99ADED97-69C8-4E34-83DA-5DC8E8809063}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{99ADED97-69C8-4E34-83DA-5DC8E8809063}\2445F40756E6A7F6E656D284 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{99ADED97-69C8-4E34-83DA-5DC8E8809063}\35B4952313232323 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{99ADED97-69C8-4E34-83DA-5DC8E8809063}\E4457425F5F607261737638626E6D647638727B61757E6376663765707 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{F8C44634-261F-4EA2-8C8E-6E36556914FD} : DHCPNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 565888] R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 210608] R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-1-15 21728] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-9-17 203280] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-26 167784] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-26 167784] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-11-26 167784] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-13 203840] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-13 169320] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 172416] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2011-4-19 1092160] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 60920] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-26 146872] R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-8-22 209016] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-13 235264] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 363080] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-1 189440] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536] S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-15 272864] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-6-9 13224] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-8-22 31560] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-13 65928] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 92632] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-18 14848] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768] S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2011-6-9 155320] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-18 49664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-13 1343400] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-6-9 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-6-9 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-6-9 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-6-9 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-6-9 25704] . =============== File Associations =============== . ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe" . =============== Created Last 30 ================ . 2013-08-22 17:07:36 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-08-21 23:11:46 -------- d-----w- c:\windows\ERUNT 2013-08-14 18:51:04 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 18:51:03 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 18:51:03 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 18:51:03 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 18:50:54 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 18:50:50 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-14 18:50:50 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-14 18:50:50 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-14 18:50:46 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-14 18:50:44 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-14 18:50:23 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 18:50:14 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-07-27 21:54:19 -------- d-----w- c:\users\andy\appdata\local\DoNotTrackPlus 2013-07-27 13:23:10 -------- d-----w- c:\program files\DoNotTrackPlus 2013-07-27 01:22:15 -------- d-sh--w- C:\$RECYCLE.BIN 2013-07-26 23:58:36 -------- d-sh--w- C:\$$PendingFiles 2013-07-26 20:23:58 -------- d-----w- c:\users\andy\appdata\local\temp . ==================== Find3M ==================== . 2013-08-07 13:35:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-07 13:35:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll 2013-05-31 14:53:18 209016 ----a-w- c:\windows\system32\drivers\keyscrambler.sys . ============= FINISH: 20:23:08.20 =============== DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 13/09/2010 12:47:51 System Uptime: 22/08/2013 19:01:02 (1 hours ago) . Motherboard: FOXCONN | | A74ML-K Processor: AMD Sempron 140 Processor | Socket 940 | 2700/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 293 GiB total, 226.609 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP568: 22/08/2013 13:42:04 - Removed Java 7 Update 5 RP569: 22/08/2013 18:22:55 - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.03) Adobe Shockwave Player 11.6 Advanced Uninstaller PRO - Version 11 Akamai NetSession Interface Akamai NetSession Interface Service aspi ATI Catalyst Install Manager Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help English CCHelp CCleaner CCScore CM Scout Compatibility Pack for the 2007 Office system CoreAAC CR2 D3DX10 Do Not Track Me Add-on 2.2.9.515 Dropbox ESSAdpt ESSANUP ESSBrwr ESSCAM ESSCDBK ESScore ESSgui ESShelp ESSini ESSPCD ESSTUTOR ESSvpaht ESSvpot Exact Audio Copy 1.0beta3 F.lux FinePixViewer Resource FinePixViewer Ver.5.2 FUJIFILM USB Driver Google Chrome Google Toolbar for Internet Explorer Google Update Helper ImageMixer VCD2 LE for FinePix ImgBurn Internet TV for Windows Media Center Junk Mail filter update KeyScrambler Kodak EasyShare software KSU Malwarebytes Anti-Malware version 1.75.0.1300 McAfee Internet Security McAfee Virtual Technician Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MP3 Rocket Mp3tag v2.56 MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NETGEAR WNDA3100v2 wireless USB 2.0 adapter Notifier OGA Notifier 2.0.0048.0 OTtBP PCDLNCH PlayReady PC Runtime x86 QuickTime RadioSure RAW FILE CONVERTER LE Realtek Ethernet Controller Driver For Windows Vista and Later Realtek High Definition Audio Driver Samsung PC Studio Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition SFR SFR2 Shared C Run-time for x86 Skins Skype™ 6.1 Sony Ericsson Update Engine Sony PC Companion 2.10.079 Spotify Switch Sound File Converter swMSM Torrent Stream 2.0.4.1 UMPlayer 0.98 [Athlon] Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 2.0.6 WavePad Sound Editor Win7z 1.10 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Center Add-in for Silverlight . ==== Event Viewer Messages From Past Week ======== . 22/08/2013 19:01:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gotixvt 22/08/2013 18:59:38, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service. 22/08/2013 18:58:19, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control. 22/08/2013 18:57:55, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 22/08/2013 18:56:00, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service. 22/08/2013 18:37:06, Error: Service Control Manager [7023] - 22/08/2013 15:06:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service. 22/08/2013 15:06:43, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 22/08/2013 00:21:49, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 22/08/2013 00:21:49, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure. 22/08/2013 00:21:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} . ==== End Of File =========================== RogueKiller V8.6.6 [Aug 19 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Andy [Admin rights] Mode : Scan -- Date : 08/22/2013 20:33:39 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [ZeroAccess][sERVICE] ???etadpug -- "C:\Program Files\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" < [x] -> STOPPED ¤¤¤ Registry Entries : 17 ¤¤¤ [RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\???\???\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" >) -> FOUND [RUN][ZeroAccess] HKUS\S-1-5-21-2875714226-2004656313-3746281624-1000\[...]\Run : Google Update ("C:\Users\Andy\AppData\Local\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\???\???\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" >) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" < [x]) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" < [x]) -> FOUND [sERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files\Google\Desktop\Install\{939719a2-2974-6a3d-d6ed-3760038c52ac}\ \...\???๛\{939719a2-2974-6a3d-d6ed-3760038c52ac}\GoogleUpdate.exe" < [x]) -> FOUND [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND [HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][Folder] Install : C:\Users\Andy\AppData\Local\Google\Desktop\Install [-] --> FOUND [ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] IRP[iRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) [Address] IRP[iRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED ([Address] Unknown @ 0x8597D1F8) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 ATA Device +++++ --- User --- [MBR] 675329d7ddc2fa498f3d904d0469e426 [bSP] 53a89e206afd0252b1ccc1010e599632 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 5500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 11266048 | Size: 299743 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08222013_203339.txt >>
  10. asr878
    A quick scan using MBAM (free) found I have 2 Trojan.Zaccess registry infections & it can't remove them.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.