Showing results for tags 'Stolen.Data'.
Found 13 results

  1. Hi, Downloaded and ran Malwarebytes on my virtual machine. The scan found Trojan.StolenData at C:\USERS\MYUSERNAME\APPDATA\ROAMING\LOCAL. It has been quarantined. Two other minor hack tool items were found. These have been deleted. One is a tool to identify your Windows product key. The second was one to identify your USB devices. They have been removed. Two questions: 1) Windows 10 virtual machine is running via Parallels on a Mac. Mac version of Malwarebytes Premium (4.5.x) did not detect anything. Is the Mac side compromised? 2) What other steps, if any (doubt), should I take given the Trojan.StolenData find? ...and circle back to #1, is my Mac okay? Is this a matter of deleting the virtual machine and starting fresh?
  2. Just ran MWB for the first time ever today. The scan reported 4781 stolen.data instances, most of which are in the appdata/local/temp directory. But are these real or false positives? I ask as I'm a developer and even one of the text file logs my own application creates is listed as 'stolen.data'! (FYI my machine (Win8.1, desktop, 3 months old) does run a bit slower, often hangs/crashes, clipboard access is slow and now Chrome is playing up - so maybe I do have something, but not sure I want to quarantine all the files MWB suggests!) Thanks in advance
  3. I have an HP TouchSmart i5, 14 GB system running Win 7 that has progressively slowed to a crawl. A scheduled daily scan reveals 'stolen.data' that gets quarantined but keeps returning. Can anyone help me sort this out please?
  4. Hi. I found your site and appreciate any help I can get removing this garbage from my computer. I am not so good at all this. Thank you for any help. Mum. FRST.txt Addition.txt
  5. Hi all, I'm sorry if this is in the wrong section or whatever - I just made an account here because I'm having a bit of trouble with this problem and I was hoping I could sort it out here. But something weird is happening on my computer. It's probably familiar to some of you, but this is my first encounter with this alleged malware, so if you can help that would be great. It all started on Tuesday when I was browsing the Internet, and then all of a sudden my computer started jerking around a bit. So I checked my task manager (which I normally do when my computer behaves weirdly, in case an unnecessary program is using up a ton of CPU) and came across an unfamiliar program (I can't remember the name of the file, surprisingly... There's been a lot that's happened in between now and Tuesday...). I tried to end it, but it said access was denied. I then went to the file location and tried to delete it, but instead it said it was in use (obviously, since it was still running in task manager... Also, bear in mind that this was the only file in said folder that I looked in, so it couldn't have been an important file). In a haste to figure out this problem, I quickly attempted to memorise the file location, and restarted the computer in an attempt to end the program. Upon restarting, the program didn't seem to be running, but I could not determine the location of the file upon much searching. Nevertheless, I ran a full scan using MalwareBytes all the same in case the file was indeed hostile and it would be found by the scanner (I also normally disconnect my Internet whenever something like this happens, in case unwanted data is being transferred, or something else similar). Upon returning to the finished scan the next morning, MalwareBytes found but only two of the same files: stolen.data. Good thing I disconnected the Internet, if this is indeed what I think it is.
I had the option to open the file location, so I did so and it was located in a complex directory in a folder called imlgs or some gubbins. Not sure what that exactly is... But one of the files was 18 KB and the timestamp (the date it was last modified) was earlier the previous day. The other one was 1 KB, and the timestamp was mysteriously the exact time that the scan ended. These files were both found by the scanner and quarantined before removal. Worried that nothing else came up that possibly explained the conjuration of these files, I ran another one that morning. Upon returning to the finished scan when I got home after school, it had the same results. One stolen.data from earlier that day, and one from when the scan ended. Both files, however, were around 1 KB this time. Still no trace of the host, so I ran one more scan using MalwareBytes. Exact same results, except the second file's timestamp was the exact time that I opened the folder it was in. O.o Confused and somewhat worried, I ran another scan using the default Windows scanner that came with the computer: Microsoft Security Essentials. No results came up, therefore I'm not sure if that's a good thing or a bad thing - like whether the files have stopped showing up and are gone or MSE just doesn't have said "essentials" to find them like MalwareBytes does. So, in a nutshell, I'm a bit kerfluzzled over the whole thing and I'm not quite sure what to do. I've done everything in my knowledge that I can but it hasn't seemed to have had much effect, so I'm posting here in the hope that somebody knows what's going on. I still haven't and won't reconnect my Internet in case said "stolen.data" still exists and gets "sent" back to its sender. I've yet to change various passwords and info (there's been a bit going on recently - plus it's not easy to change personal website passwords on a handheld device...), but I will do ASAP just in case. But in the meantime, any help is appreciated.
Also, if you need any more information (like computer details), please let me know. Additional info: I don't have a credit card or anything as of yet, so that is probably a good thing - unless the sender wants to wipe my videos off YouTube or troll my friends in my forum or something... *rolleyes* Cheers, Lachlan Ruhr
  6. .DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 1.6.0_33 Run by Jeremy at 2:26:18 on 2013-06-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3213 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uProxyOverride = <local> uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [AdobeBridge] <no file> mRun: [switchBoard] C:\Program Files (x86)\Common 
Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 107.6.133.8,23.23.180.210 TCP: Interfaces\{FF1B28AD-68A0-41A8-9CB9-D47A0A08BBC4} : DHCPNameServer = 208.59.247.45 208.59.247.46 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-05-12 06:27; {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} FF - ExtSQL: 2013-05-29 15:34; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} FF - ExtSQL: 2013-06-20 19:58; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: !HIDDEN! 2012-10-08 22:35; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-20 55856] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-3 283200] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-29 169752] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-20 539240] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632] R3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2009-9-30 1307648] R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;"C:\Program Files (x86)\Skype\Updater\Updater.exe" --> C:\Program Files (x86)\Skype\Updater\Updater.exe [?] 
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-8-21 29288] S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-6-9 31800] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-25 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-3 1255736] S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672] S4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624] S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?] 
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-8 3574624] S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?] . =============== File Associations =============== . FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2013-06-27 01:32:47 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E095F88-CF4F-4A43-92DD-69C55B4BBA76}\mpengine.dll 2013-06-26 01:32:03 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB4403D8-2EFD-4757-8C17-A5344D551C5A}\mpengine.dll 2013-06-26 01:32:03 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-21 10:08:41 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E418CD3D-261E-4128-AC4B-BCA91AF07D5B}\gapaengine.dll 2013-06-20 19:33:57 -------- d-----w- C:\Program Files (x86)\Tube Increaser 2013-06-20 19:27:29 -------- d-----w- C:\ProgramData\StarApp 2013-06-20 19:25:37 -------- d-----w- C:\ProgramData\InstallMate 2013-06-18 14:58:44 -------- d-----w- C:\ProgramData\Sincell 2013-06-15 11:17:31 -------- d-----w- C:\Users\Jeremy\TruePianos Settings 2013-06-15 11:16:20 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Overloud 2013-06-15 11:15:16 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Cakewalk 2013-06-14 09:54:33 -------- d-----w- C:\Cakewalk Projects 2013-06-14 09:49:11 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll 2013-06-14 09:49:11 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll 2013-06-14 09:29:19 
-------- d-----w- C:\Cakewalk Content 2013-06-14 09:27:40 -------- d-----w- C:\Program Files (x86)\Cakewalk 2013-06-14 09:26:31 -------- d-----w- C:\ProgramData\Overloud 2013-06-14 09:26:31 -------- d-----w- C:\ProgramData\Cakewalk 2013-06-14 09:26:31 -------- d-----w- C:\Program Files\Cakewalk 2013-06-12 16:44:31 -------- d-----w- C:\Program Files (x86)\Share YouTube Videos 2013-06-12 04:46:20 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-10 00:13:24 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software 2013-06-10 00:13:24 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software 2013-06-10 00:13:23 -------- d-----w- C:\Program Files\VSTPlugIns 2013-06-10 00:13:22 7744 ----a-w- C:\Windows\SysWow64\HookDll.dll 2013-06-10 00:13:16 -------- d-----w- C:\Program Files (x86)\Waves 2013-06-09 23:21:33 -------- d-----w- C:\Program Files (x86)\Common Files\VST3 2013-06-09 23:21:32 -------- d-----w- C:\Program Files (x86)\VstPlugins 2013-06-09 23:21:29 -------- d-----w- C:\Program Files\Common Files\VST3 2013-06-09 23:18:30 308528 ----a-w- C:\Windows\SysWow64\setup.ocx 2013-06-09 09:03:07 -------- d-----w- C:\ProgramData\VS Revo Group 2013-06-09 09:03:06 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2013-06-09 09:03:05 -------- d-----w- C:\Program Files\VS Revo Group 2013-06-09 07:57:58 -------- d-----w- C:\Users\Jeremy\AppData\Local\VS Revo Group 2013-06-08 12:11:52 -------- d-----w- C:\Program Files (x86)\TeamViewer 2013-06-08 11:55:12 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\OfficeRecovery 2013-06-07 08:50:02 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign 2013-06-06 20:10:59 1431552 ----a-w- C:\Windows\SysWow64\ReWire.dll 2013-06-05 09:19:04 401462 ----a-w- C:\Windows\SysWow64\temp.003 2013-06-05 09:19:04 266293 ----a-w- C:\Windows\SysWow64\temp.002 2013-06-05 08:38:01 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Waves Audio 2013-06-05 08:29:22 2181120 ----a-w- 
C:\Windows\System32\ReWire.dll 2013-06-04 12:30:02 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2013-06-04 11:47:44 -------- d-----w- C:\ProgramData\Ashampoo 2013-06-04 10:47:34 -------- d-----w- C:\Program Files (x86)\Max Uninstaller 2013-06-03 11:46:27 -------- d-----w- C:\Program Files\Perfect Uninstaller 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2013-05-30 19:51:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2013-05-29 19:34:16 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\BitComet 2013-05-29 19:34:15 -------- d-----w- C:\Program Files (x86)\BitComet . ==================== Find3M ==================== . 
2013-06-15 11:14:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-15 11:14:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- 
C:\Windows\SysWow64\QuickTime.qts 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-03 13:13:06 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll 2013-04-03 13:13:06 16 ----a-w- C:\Users\Jeremy\AppData\Roaming\msregsvv.dll 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 2:26:52.82 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 2/2/2012 9:17:09 PM System Uptime: 6/24/2013 9:20:47 PM (53 hours ago) . Motherboard: Dell Inc. | | 0GDG8Y Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 352.113 GiB free. D: is FIXED (NTFS) - 932 GiB total, 209.543 GiB free. E: is FIXED (NTFS) - 932 GiB total, 60.814 GiB free. 
  7. Hokay, so, I ran a Malwarebytes full scan today, and it came back with 1 file detected, marked as Stolen.Data. It claims it successfully quarantined and deleted the file, but a quick Google suggests that this is an indication of some other infection not found yet. Is that the case? How would I know? I downloaded and ran dds.com as directed. Here are all the scan logs. My normal antivirus is Symantec Endpoint Protection, fully legit and up to date. I periodically scan with Malwarebytes for peace of mind; my last full scan was April 26. I appreciate any help, in advance!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.14.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
rsc :: MACCHIATO [administrator]

5/14/2013 6:53:34 PM
mbam-log-2013-05-14 (18-53-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336163
Time elapsed: 1 hour(s), 26 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\rsc\AppData\Roaming\SAS7_000.DAT (Stolen.Data) -> Quarantined and deleted successfully.

(end)
Just to update: I have run another full scan, and it returned nothing. But my online banking is locked! Please help!
  8. Hi I joined this forum just so I can post this issue. I did a quick scan, and I received 3 counts of stolen.data along with something else. I didn't take any action for hours and hours until I accidentally clicked on remove selected a little bit ago. I don't think that will be enough. I looked around online and it seems that removing the malware through malwarebytes is not enough to remove it. Please guide me step by step on how to completely remove the malware in my log, and how to prevent this from happening again. mbam-log-2013-05-13 (22-55-09).txt
  9. Long-time paid user here, and this is my first post ever in here, a testament to the fine product you have. Tonight I was cruising the internet and all of a sudden all input from the keyboard was being redirected. If you hit "g" it brought up Windows search, for instance. I was searching for JBoss stuff, so be careful! So I pulled the power and hoped to stop any writing to the hard drive. IE10's temp folder is stored on a RAM drive that is cleared upon reboot (Dataram software). Booted the backup and ran MB and got this below, but it did not identify anything else. Forefront and Malwarebytes show nothing now. The file it created was full of UUIDs from Adobe and Office? What good do these do anyone, and does anyone know what the name of this malware/virus would be? The PC seems to run fine at the moment. Thanks for any input.

File contents:
######################################################
outofprocess-uuids
time-stamp=40681
{00020802-0000-0000-C000-000785623046}
++++about 50 more UUIDs +++++++

Scan Results:
######################################################
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
PCHere :: BACKUP [administrator]

Protection: Enabled

5/15/2013 5:25:38 PM
mbam-log-2013-05-15 (17-25-38).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 388894
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\PCHere\AppData\Roaming\SAS7_000.DAT (Stolen.Data) -> Quarantined and deleted successfully.

(end)
######################################################
  10. So I decided to run Malwarebytes because I hadn't, and I was really surprised by the results. The items were quarantined and deleted; I reset my computer, ran the test again and found nothing. I'm kind of lost here. I changed all my passwords of any importance, but what else should I do? This looks like I'm really screwed. Here's the log.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve G :: SAMSUNG-RF711 [administrator]

3/31/2013 1:57:58 AM
mbam-log-2013-03-31 (01-57-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237472
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Steve G\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 146
C:\Users\Steve G\AppData\Roaming\crypted.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\Google Update.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2748390831-3824878692-2093164985-1001\$RJL996W.exe (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-24-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-09-30-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-01-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-02-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-03-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-04-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-05-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-08-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-09-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-10-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-11-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-12-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-14-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-15-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-16-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-17-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-18-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-19-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-26-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-27-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-29-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-08-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-12-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-13-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-14-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-15-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-16-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-17-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-18-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-19-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-20-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-21-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-22-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-23-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-24-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-27-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-28-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-29-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-11-30-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-04-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-05-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-06-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-07-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-08-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-09-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-11-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-18-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2012-12-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-01-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-02-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-03-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-04-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-05-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-06-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-07-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-13-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-14-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-15-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-16-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-17-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-18-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-19-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-20-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-21-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-22-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-23-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-24-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-25-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-26-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-27-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-28-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-29-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-01-31-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-01-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-02-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-03-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-04-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-05-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-06-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-07-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-08-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Steve G\AppData\Roaming\dclogs\2013-02-09-7.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)

Bumping my thread.
  11. Hello, I have been having a few issues with my system lately. I have a key-logger (dclogs - Stolen.Data) that is contained within my "Roaming" folder on my account, called 'dclogs'. I have scanned with the MalwareBytes Anti-Malware software (the log is enclosed as well), which fixes the issues until I restart my system; then the problem persists. Other problems include: the FRAPS installer automatically launching when I start my system and asking me to install it, even though I have already uninstalled it and deleted the installer, and the locking of cmd, regedit and the Task Manager, which is fixed only temporarily until I reboot the system.

enc. Attach.txt DDS.txt mbam-log-2012-08-21 (13-38-23).txt

Thank you for your assistance.
  12. Hello, I am not able to remove the Stolen.Data infection from my PC. Malwarebytes detects it each time and I erased the selection, but it still comes back after the next PC boot. Could you help me, please? Thanks in advance for your help, Laurent. Here is the result:

Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.05.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Laurent :: LAURENT-PC [administrateur]

Protection: Activé

30/05/2012 11:59:13
mbam-log-2012-05-30 (11-59-13).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 200974
Temps écoulé: 22 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\Laurent\AppData\Roaming\dclogs (Stolen.Data) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 1
C:\Users\Laurent\AppData\Roaming\dclogs\2012-05-30-4.dc (Stolen.Data) -> Mis en quarantaine et supprimé avec succès.

(fin)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Laurent at 11:23:09 on 2012-05-30
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6141.3685 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\VyprVPN for Giganews\VyprVPN for Giganews.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Users\Laurent\AppData\Roaming\system\dgkiQhkvd6Kt\winreupdating.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [hodensack] C:\Users\Laurent\AppData\Roaming\system\dgkiQhkvd6Kt\winreupdating.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
dRunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Envoyer à OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EC35E8A-0972-4DF2-A171-C1EEECB22347} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AEC8E65F-EACE-44A2-A4D2-6E19B3790362} : NameServer = 208.67.222.222 208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{6c97a91e-4524-4019-86af-2aa2d567bf5c}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-30 654408]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-25 2666880]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-15 116648]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152720]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 257696]
S3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-7-21 16640]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-15 116648]
S3 maconfservice;Ma-Config Service;C:\Program Files (x86)\ma-config.com\maconfservice.exe [2011-11-25 311928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-30 07:26:13 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Malwarebytes
2012-05-30 07:26:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-30 07:26:08 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-30 07:26:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-30 06:26:38 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-05-30 06:25:35 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2012-05-30 06:25:35 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2012-05-30 06:25:29 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Simply Super Software
2012-05-30 06:25:29 -------- d-----w- C:\ProgramData\Simply Super Software
2012-05-30 06:25:29 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-05-30 06:23:33 -------- d-----w- C:\Users\Laurent\AppData\Local\adawarebp
2012-05-30 06:23:32 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-05-30 06:23:31 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-05-30 06:23:30 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-05-30 06:23:16 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-05-30 06:23:14 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-05-29 19:42:43 -------- d-----w- C:\Users\Laurent\AppData\Roaming\TeamViewer
2012-05-29 15:11:19 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D675E1A3-2981-45CC-A26E-46EAE1569C69}\mpengine.dll
2012-05-29 06:17:43 -------- d-----w- C:\Users\Laurent\AppData\Roaming\system
2012-05-25 17:33:59 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-05-23 18:38:44 -------- d-----w- C:\Users\Laurent\AppData\Local\ESET
2012-05-23 18:17:22 -------- d-----w- C:\Users\Laurent\AppData\Roaming\Mimo
2012-05-23 18:17:15 -------- d-----w- C:\Program Files (x86)\Mimo
2012-05-23 18:16:09 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-23 18:16:03 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-23 18:16:03 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-23 18:08:39 -------- d-----w- C:\Users\Laurent\AppData\Local\GoldenFrog
2012-05-23 18:06:10 -------- d-----w- C:\Program Files (x86)\OpenVPN
2012-05-23 18:05:55 -------- d-----w- C:\Program Files (x86)\VyprVPN for Giganews
2012-05-23 14:37:55 -------- d-----w- C:\Users\Laurent\AppData\Local\sabnzbd
2012-05-23 14:37:48 -------- d-----w- C:\Program Files (x86)\SABnzbd
2012-05-19 08:51:59 -------- d-----w- C:\Users\Laurent\AppData\Local\Diagnostics
2012-05-10 05:57:22 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 05:57:22 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 05:57:18 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 05:57:17 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 05:57:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 05:57:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 05:55:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 05:55:19 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 05:55:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 05:55:17 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 05:55:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 05:55:16 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 05:55:16 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-06 21:03:48 -------- d-----w- C:\ProgramData\ma-config.com
2012-05-06 21:03:48 -------- d-----w- C:\Program Files (x86)\ma-config.com
2012-05-05 08:42:09 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-05-05 08:42:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 08:42:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-16 12:40:38 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-16 12:40:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-15 18:11:38 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-04-15 12:24:56 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 11:23:24,27 ===============

Attach.txt DDS.txt
13. I have been running MB Anti-Malware free for a while now and usually get fully clean results. But 2 days back, when I ran a check, I found a ton of infections along with Stolen.Data items. I immediately cleaned it up. Today, when I again ran MB Anti-Malware, it again found new Stolen.Data. Obviously it's not being fully cleaned. Please help me! I have posted the dds.txt and attach.txt logs as mentioned in the http://forums.malwarebytes.org/index.php?showtopic=9573 post. Eagerly waiting for a reply...
==== Disk Partitions ========================= . C: is FIXED (NTFS) - 500 GiB total, 369.983 GiB free. D: is FIXED (NTFS) - 432 GiB total, 382.539 GiB free. E: is FIXED (NTFS) - 466 GiB total, 201.98 GiB free. F: is FIXED (NTFS) - 466 GiB total, 85.46 GiB free. G: is FIXED (NTFS) - 466 GiB total, 175.229 GiB free. H: is CDROM () I: is CDROM (UDF) L: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP188: 1/4/2012 3:08:15 PM - Installed Microsoft AppLocale RP189: 1/4/2012 5:00:04 PM - Windows Backup RP190: 3/4/2012 4:50:57 PM - Windows Update RP191: 6/4/2012 12:53:22 PM - Installed Adobe Reader X. RP192: 6/4/2012 7:31:42 PM - Windows Update RP193: 7/4/2012 1:20:40 AM - Installed 星空のメモリア-Wish upon a shooting star-. RP194: 8/4/2012 7:18:58 PM - Windows Backup . ==== Installed Programs ====================== . . 7-Zip 9.20 Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Adobe Reader X (10.1.2) AI Suite II Asmedia ASM104x USB 3.0 Host Controller Driver AutoIt v3.3.8.1 avast! Free Antivirus Bluetooth Win7 Suite BOSS BufferChm calibre CCleaner COMODO Internet Security Conquering the Queen Crystal Reports Basic for Visual Studio 2008 Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DisplayFusion 3.4.1 DocProc EasyBCD 2.1.2 Escalation ADV version Escalation ADV v1.0 Escalation Yukkuri Panic! 
version 1.0 EVGA OC Scanner X 2.0.1 EVGA Precision X 3.0.2 Fallout Mod Manager 0.13.21 Family Project v1.0 FileHippo.com Update Checker ForceBindIP Fraps Freemake Video Converter version 3.0.2 Futuremark SystemInfo G-Senjou no Maou English Google Chrome Google Update Helper GPBaseService2 Hegemony Gold: Wars of Ancient Greece High-Definition Video Playback Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091) Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674) HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Scanjet G2410 and 2400 HP Solution Center 13.0 HP Update hpg2410 HPPhotosmartEssential HPProductAssistant InstallShield for Microsoft Visual C++ 6 Intel® Control Center Intel® Management Engine Components Intel® Network Connections 16.5.2.0 Intel® Rapid Storage Technology IntelR Watchdog Timer Driver (IntelR WDT) Internet Download Manager Java Auto Updater Java™ 6 Update 31 Java™ 7 Update 3 JMicron JMB36X Driver Koihime_Musou L.A. 
Noire LastPass (uninstall only) Lightning Warrior Raidy Malwarebytes Anti-Malware version 1.61.0.1400 marvell 91xx driver Mass Effect Media Player Classic - Home Cinema 1.6.0.4014 MediaInfo 0.7.55 Microsoft .NET Compact Framework 2.0 SP2 Microsoft .NET Compact Framework 3.5 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft AppLocale Microsoft Document Explorer 2008 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office Visual Web Developer 2007 Microsoft Office Visual Web Developer MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft SQL Server 2005 Tools Express Edition Microsoft SQL Server Compact 3.5 Design Tools ENU Microsoft SQL Server Compact 3.5 ENU Microsoft SQL Server Compact 3.5 for Devices ENU Microsoft SQL Server Database Publishing Wizard 1.2 Microsoft SQL Server Native Client Microsoft SQL Server Setup 
Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2008 Professional Edition - ENU Microsoft Visual Studio 6.0 Enterprise Edition Microsoft Visual Studio Web Authoring Component Microsoft Web Publishing Wizard 1.53 Microsoft Windows Application Compatibility Database Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense Microsoft Windows SDK for Visual Studio 2008 Tools Microsoft Windows SDK for Visual Studio 2008 Win32 Tools Microsoft Xbox 360 Accessories 1.2 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mobipocket Reader 6.2 Mortal Kombat Arcade Kollection MotoHelper 2.0.49 Driver 5.0.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.0.0 Mozilla Firefox 11.0 (x86 en-US) MSI Afterburner 2.1.0 MSI Kombustor 2.0.0 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero Burning ROM 10 Nero Control Center 10 Nero Core Components 10 Nero Dolby Files 10 Nero Express 10 Nero Multimedia Suite 10 Platinum HD NetWorx 5.2.2 Nexus Mod Manager Nitro Pro 7 Notepad++ Nuance OmniPage 18 NVIDIA 3D Vision Controller Driver 296.10 NVIDIA 3D Vision Driver 296.10 NVIDIA Control Panel 296.10 NVIDIA Graphics Driver 296.10 NVIDIA HD Audio Driver 
1.3.12.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.7.11 NVIDIA Update Components OCR Software by I.R.I.S. 13.0 OpenAL Oracle Data Provider for .NET Help Oracle Database 10g Express Edition PDF Settings CS5 Picasa 3 Pidgin Rayman Origins Realtek High Definition Audio Driver ReNamer Rockstar Games Social Club Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Sengoku Rance English v1.01 SolutionCenter Steam System Requirements Lab CYRI Tally 9 TechPowerUp GPU-Z TeraCopy 2.27 Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile 
(KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) Utawarerumono English v1.1 VC Runtimes MSI Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio Tools for the Office system 3.0 Runtime WebM Project Directshow Filters WebReg Windows Live ID Sign-in Assistant WinRAR 4.11 (32-bit) WMP 12 Playback Pack Xuse 永遠のアセリア - この大地の果てで - (Remove Only) μTorrent 星空のメモリア-Wish upon a shooting star- 神採りアルケミーマイスター 神採りアルケミーマイスター Append01 神採りアルケミーマイスター Append02 神採りアルケミーマイスター Ver2.00 Update . ==== Event Viewer Messages From Past Week ======== . 7/4/2012 12:44:13 AM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack. 
7/4/2012 12:05:48 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. 5/4/2012 11:58:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ASUS HM Com Service service to connect. 5/4/2012 11:58:46 AM, Error: Service Control Manager [7000] - The ASUS HM Com Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/4/2012 6:43:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect. 10/4/2012 6:43:57 AM, Error: Service Control Manager [7000] - The Freemake Improver service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/4/2012 5:25:45 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding . ==== End Of File ===========================