
Hello, for about a week my computer has been acting weird.

My browser (Google Chrome) opens Mediashifting.com automatically.

And when I try to search for something on Google and I click it, this happens:

http://imageshack.us/f/38/naamloos1p.png

This URL appears in the URL bar: http://95p.com/?search=test&subid=153&key=30a62a27dee9a8d77e32

I did all 3 scans that I can find in Malwarebytes.

But it finds nothing. It's very annoying and I don't know how to remove it.

I was chatting with some company and they told me it's a new virus; they said they could remove it, but they had to charge $70...

I hope you can help me.

Also, the problem with Mediashifting opening seems to not be happening anymore, but I still can't search the web; the 95p.com thingy comes up in the URL bar.

On my other thread they told me to do some scans:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Maxlem at 22:56:30 on 2012-01-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4078.2249 [GMT 1:00]

.

AV: McAfee Antivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Antivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\mfevtps.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Users\Maxlem\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe

C:\Program Files\mcafee.com\agent\mcagent.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Users\Maxlem\Downloads\rsclient.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Maxlem\AppData\Local\Google\Chrome\Application\chrome.exe

c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://eu.ask.com/?l=dis&o=102869&gct=hp

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110807132606.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uRun: [Google Update] "C:\Users\Maxlem\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [spyware Doctor with AntiVirus] C:\Users\Maxlem\Desktop\explorer.exe.exe -min

uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5BD518F6-7BFB-4C61-9F50-EA0059956423} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{5BD518F6-7BFB-4C61-9F50-EA0059956423}\254523536313F513 : DhcpNameServer = 192.168.16.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{27B4851A-3207-45A2-B947-BE8AFE6163AB}

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{D4027C7F-154A-4066-A1AD-4243D8127440}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{D4027C7F-154A-4066-A1AD-4243D8127440}

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [(standaard)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-26 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-31 652872]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]

R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-4-26 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-4-26 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-26 1692480]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-7 2337144]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-13 2984832]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-14 25072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-4-26 220528]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-01-02 13:48:50 -------- d-----w- C:\Users\Maxlem\AppData\Local\{6CF7D9DD-4EC7-4CFF-B28E-34D87B6A8BF0}

2012-01-02 13:48:38 -------- d-----w- C:\Users\Maxlem\AppData\Local\{C15CF903-0C15-41E1-9C4F-388FDCF53005}

2012-01-01 12:36:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F347EBF1-BFF8-48CE-A458-38EAC278717F}\offreg.dll

2012-01-01 12:34:39 -------- d-----w- C:\Users\Maxlem\AppData\Local\{1175BB13-ACE3-4D1B-B83D-273B55A9184D}

2012-01-01 12:34:28 -------- d-----w- C:\Users\Maxlem\AppData\Local\{3151CBAD-D0FB-4FBD-9562-6CC7AFDB8485}

2011-12-31 14:58:38 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\ParetoLogic

2011-12-31 14:58:38 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\DriverCure

2011-12-31 14:58:32 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic

2011-12-31 14:58:31 -------- d-----w- C:\ProgramData\ParetoLogic

2011-12-31 14:58:31 -------- d-----w- C:\Program Files (x86)\ParetoLogic

2011-12-31 12:19:45 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F347EBF1-BFF8-48CE-A458-38EAC278717F}\mpengine.dll

2011-12-31 12:19:45 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-31 12:04:25 -------- d-----w- C:\Users\Maxlem\AppData\Local\{CE7AFF96-F00F-4550-837B-0A1B924FBC76}

2011-12-31 12:04:14 -------- d-----w- C:\Users\Maxlem\AppData\Local\{6E135195-AF16-48B0-9E9F-097798C82551}

2011-12-31 00:04:46 -------- d-----w- C:\Users\Maxlem\AppData\Local\APN

2011-12-30 18:22:08 -------- d-----w- C:\Program Files (x86)\PC Tools Security

2011-12-30 18:15:58 -------- d-----w- C:\ProgramData\PC Tools

2011-12-30 12:24:09 -------- d-----w- C:\Users\Maxlem\AppData\Local\{9C46DE8D-DCAF-462E-99A7-C5C2C8340BB8}

2011-12-30 12:23:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\{D196D721-5297-4F8B-A8B5-8C3042DCD312}

2011-12-29 12:16:58 -------- d-----w- C:\Users\Maxlem\AppData\Local\{5C5AAA62-CF89-487A-AA42-C930A17F0D96}

2011-12-29 12:16:47 -------- d-----w- C:\Users\Maxlem\AppData\Local\{53461CFD-8D3F-4033-96DD-92863B8A64BD}

2011-12-28 15:42:01 -------- d-----w- C:\Users\Maxlem\AppData\Local\Logitech

2011-12-28 15:34:33 -------- d-----w- C:\Users\Maxlem\AppData\Local\{74C7E940-64F4-4B13-8E99-FA22B2761D6D}

2011-12-28 15:34:22 -------- d-----w- C:\Users\Maxlem\AppData\Local\{4423B8AC-A3C4-42A9-94A9-4A8D9711CE4D}

2011-12-27 17:56:42 -------- d-----w- C:\Users\Maxlem\AppData\Local\{29942D6C-9A2D-4649-8D39-9BA36AA79A91}

2011-12-27 17:56:30 -------- d-----w- C:\Users\Maxlem\AppData\Local\{160B9C38-4A69-4346-899B-1BE692F612E5}

2011-12-27 12:37:49 -------- d-----w- C:\Users\Maxlem\AppData\Local\{09D05915-47A8-4030-BC99-CBF44213651B}

2011-12-27 12:37:38 -------- d-----w- C:\Users\Maxlem\AppData\Local\{57739A70-34BF-48D1-9902-C28EC4E40182}

2011-12-26 20:10:30 -------- d-----w- C:\Program Files (x86)\VideoLAN

2011-12-26 12:18:02 -------- d-----w- C:\Users\Maxlem\AppData\Local\{FB4239A2-E0A4-43BA-A301-BEF052CF0688}

2011-12-26 12:17:48 -------- d-----w- C:\Users\Maxlem\AppData\Local\{95F4B4E1-1332-403B-AF2B-0916863E1C24}

2011-12-25 11:13:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\{867814FF-FD87-489A-BE52-7276D8D6E9BF}

2011-12-25 11:13:44 -------- d-----w- C:\Users\Maxlem\AppData\Local\{EF859766-662E-449D-AE4F-2053BB2D1670}

2011-12-24 12:46:16 -------- d-----w- C:\Users\Maxlem\AppData\Local\{B582D00C-23AA-4EED-905D-9F392F3AF05B}

2011-12-24 12:46:04 -------- d-----w- C:\Users\Maxlem\AppData\Local\{F9F01202-FCD7-42EB-BE65-804E5D749FE4}

2011-12-23 19:18:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\ManyCam

2011-12-23 19:18:56 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\ManyCam

2011-12-23 19:18:53 -------- d-----w- C:\Program Files (x86)\ManyCam

2011-12-23 10:53:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\{B335402F-37D2-4A38-B42B-067F1473A888}

2011-12-23 10:53:43 -------- d-----w- C:\Users\Maxlem\AppData\Local\{49E36CB5-7991-4353-86BA-D17049C73919}

2011-12-22 16:53:59 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\Malwarebytes

2011-12-22 16:53:43 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-22 16:53:40 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-22 16:53:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-22 10:49:33 -------- d-----w- C:\Users\Maxlem\AppData\Local\{A04A536B-4E72-4D7F-B6E8-D1A4C70E4132}

2011-12-22 10:49:21 -------- d-----w- C:\Users\Maxlem\AppData\Local\{989E619B-47ED-421A-9F4B-91CCE8CA8887}

2011-12-21 20:11:46 -------- d-----w- C:\Users\Maxlem\AppData\Local\{6AAB05F0-6B80-426C-BF9B-0198F9B4407B}

2011-12-21 20:11:35 -------- d-----w- C:\Users\Maxlem\AppData\Local\{7A02DAA3-4C65-4D89-9233-402BBC1181EB}

2011-12-21 12:52:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\{D1229917-4C78-4FB2-9C3C-3175A6B3EACF}

2011-12-21 12:52:46 -------- d-----w- C:\Users\Maxlem\AppData\Local\{74A4B0D2-7282-4BCB-9F18-9589A8F86DED}

2011-12-20 17:15:04 -------- d-----w- C:\Users\Maxlem\AppData\Local\ElevatedDiagnostics

2011-12-20 12:30:52 -------- d-----w- C:\Users\Maxlem\AppData\Local\{6BE5235B-2A57-4881-8C7D-8C1E368BEFA7}

2011-12-20 12:30:40 -------- d-----w- C:\Users\Maxlem\AppData\Local\{1954B730-2DF2-4F95-A197-DDF512E868AF}

2011-12-20 10:12:34 -------- d-----w- C:\Users\Maxlem\AppData\Local\{A34D4B7B-E54C-4B6A-88A0-D267D212E3CD}

2011-12-20 10:12:23 -------- d-----w- C:\Users\Maxlem\AppData\Local\{F57CCABC-EB27-4AE8-BF80-C97E4F6C3F66}

2011-12-19 16:56:35 -------- d-----w- C:\Users\Maxlem\AppData\Local\{67B051BF-FBA4-4266-8727-A3B3EDF691D1}

2011-12-19 16:56:24 -------- d-----w- C:\Users\Maxlem\AppData\Local\{A2BE51C7-9561-49CC-89F6-6295BA00161A}

2011-12-19 11:15:22 -------- d-----w- C:\Users\Maxlem\AppData\Local\{C390673B-1183-4596-A718-1884C5412A4C}

2011-12-19 11:15:12 -------- d-----w- C:\Users\Maxlem\AppData\Local\{25722FE4-A09C-4404-8B89-75D020128F8C}

2011-12-18 10:27:42 -------- d-----w- C:\Users\Maxlem\AppData\Local\{105FB065-FEF6-4E50-9726-0F915A424710}

2011-12-18 10:27:29 -------- d-----w- C:\Users\Maxlem\AppData\Local\{B4D97DB5-BCC4-4679-B935-423B950FDD92}

2011-12-17 20:13:36 -------- d-----w- C:\Users\Maxlem\AppData\Local\{EEF74656-4FC1-457B-B1A0-725926E10B93}

2011-12-17 20:13:25 -------- d-----w- C:\Users\Maxlem\AppData\Local\{F6711DC5-09E8-4FCA-AE7F-80E021C899FE}

2011-12-17 11:08:45 -------- d-----w- C:\Users\Maxlem\AppData\Local\{57C17683-118B-4D12-B1F6-DF425604DAE4}

2011-12-17 11:08:34 -------- d-----w- C:\Users\Maxlem\AppData\Local\{7CFF7EF1-0C87-466A-9A09-391592DE1835}

2011-12-16 21:48:28 -------- d-----w- C:\Users\Maxlem\AppData\Local\Babylon

2011-12-16 21:48:27 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\Babylon

2011-12-16 21:48:10 -------- d-----w- C:\Users\Maxlem\AppData\Local\TempDIR

2011-12-16 19:15:56 -------- d-----w- C:\Users\Maxlem\AppData\Roaming\Azureus

2011-12-16 10:14:18 -------- d-----w- C:\Users\Maxlem\AppData\Local\{02329B65-BA14-46A1-AC19-9ADB6B27C623}

2011-12-16 10:14:07 -------- d-----w- C:\Users\Maxlem\AppData\Local\{2B60C687-627C-4E36-A2A0-BD5875352F54}

2011-12-15 10:57:39 -------- d-----w- C:\Users\Maxlem\AppData\Local\{F27C78D5-F223-4A87-BA33-C1DFF7A9037A}

2011-12-15 10:57:27 -------- d-----w- C:\Users\Maxlem\AppData\Local\{FBAF073B-4428-4CB4-8F50-C207B112B5A6}

2011-12-14 12:35:14 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 12:34:18 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 12:34:06 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 12:34:05 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2011-12-14 12:34:05 696600 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2011-12-14 12:34:05 673048 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2011-12-14 12:18:58 -------- d-----w- C:\Users\Maxlem\AppData\Local\{02FA16D6-29FF-46F6-A4E2-504B2610BC78}

2011-12-13 11:15:22 -------- d-----w- C:\Users\Maxlem\AppData\Local\{994C4824-DBE4-422D-8675-6E1E5794A145}

2011-12-13 11:15:06 -------- d-----w- C:\Users\Maxlem\AppData\Local\{05816AF1-8EB5-4DE7-8F66-8F5FE0A4D874}

2011-12-12 16:08:41 -------- d-----w- C:\Program Files (x86)\Ventrilo

2011-12-12 16:08:09 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2011-12-12 11:50:34 -------- d-----w- C:\Users\Maxlem\AppData\Local\{4864FCDC-37E5-4532-B0EA-B7D6FA283310}

2011-12-12 11:50:22 -------- d-----w- C:\Users\Maxlem\AppData\Local\{40D88DCA-4F41-43C8-AC3B-DC1E77EF8D7A}

2011-12-11 15:02:58 -------- d-----w- C:\Users\Maxlem\AppData\Local\{298CA3AA-19D3-4F0D-9C94-5B176FB3EDA8}

2011-12-11 15:02:46 -------- d-----w- C:\Users\Maxlem\AppData\Local\{7BB61F77-2AC4-4C7A-B7E7-C2ACC23579C9}

2011-12-11 09:49:38 -------- d-----w- C:\Users\Maxlem\AppData\Local\{C4A0FBCF-55F1-4246-9901-47C78FAA4851}

2011-12-11 09:49:23 -------- d-----w- C:\Users\Maxlem\AppData\Local\{8EF93D15-9079-423D-8389-C0AD5A724A99}

2011-12-10 20:31:01 -------- d-----w- C:\Users\Maxlem\AppData\Local\{F0B9157F-1A1E-48AA-95CF-34BD9E223F61}

2011-12-10 20:30:49 -------- d-----w- C:\Users\Maxlem\AppData\Local\{31F3FE72-9DBC-471C-A94E-9BFB803024BC}

2011-12-10 11:56:29 -------- d-----w- C:\Users\Maxlem\AppData\Local\{7A1D2491-36C1-470E-97D6-670B7688FDA5}

2011-12-10 11:56:17 -------- d-----w- C:\Users\Maxlem\AppData\Local\{A5549F6D-1DD8-4580-9A2A-19CBE5583609}

2011-12-09 15:14:39 -------- d-----w- C:\Users\Maxlem\AppData\Local\{48DCF411-262C-4009-808E-0DF7E42F25CB}

2011-12-09 15:14:26 -------- d-----w- C:\Users\Maxlem\AppData\Local\{C473F8AC-C0D3-469A-8004-439159C8ED8E}

2011-12-08 14:42:59 -------- d-----w- C:\Users\Maxlem\AppData\Local\{0748A302-A840-49B6-B7F8-3AADF6B41BA6}

2011-12-08 14:24:07 -------- d-----w- C:\Users\Maxlem\AppData\Local\{74D63806-96DB-4366-BCE8-2A89F62D4AD5}

2011-12-07 11:05:02 -------- d-----w- C:\Users\Maxlem\AppData\Local\{CA2AE19D-CBD8-46F6-A7A6-2B912FBFBF4D}

2011-12-07 11:04:50 -------- d-----w- C:\Users\Maxlem\AppData\Local\{1F023DE7-3C25-413D-9D06-013318148EA5}

2011-12-06 14:49:39 -------- d-----w- C:\Users\Maxlem\AppData\Local\{3966030E-ABD1-495F-A219-ADC180D8976C}

2011-12-06 14:49:27 -------- d-----w- C:\Users\Maxlem\AppData\Local\{9AC9ACF2-6F55-49EC-B2AB-521F311135BA}

2011-12-06 14:34:57 -------- d-----w- C:\Users\Maxlem\AppData\Local\{608DAA4E-7458-4042-9537-2B35CF6F09A9}

2011-12-06 14:34:42 -------- d-----w- C:\Users\Maxlem\AppData\Local\{67C13E63-90B8-4AFC-8A24-DCBC411774CD}

2011-12-05 17:44:15 -------- d-----w- C:\Users\Maxlem\AppData\Local\{9F23D489-E2E0-42EF-8D7B-3606A633262B}

2011-12-05 17:44:04 -------- d-----w- C:\Users\Maxlem\AppData\Local\{8F27C531-72BB-4774-96C5-D1F9322E1D17}

2011-12-05 15:21:51 -------- d-----w- C:\Users\Maxlem\AppData\Local\{4ED148FA-2509-4C6C-97F9-90A403B0D5B1}

2011-12-05 15:21:40 -------- d-----w- C:\Users\Maxlem\AppData\Local\{78B2E6FE-1523-4D90-9AC7-9AB632382323}

2011-12-04 15:24:30 -------- d-----w- C:\Users\Maxlem\AppData\Local\{B3C59FC8-518E-465D-9C35-BEF0B8A1ADDF}

2011-12-04 15:24:18 -------- d-----w- C:\Users\Maxlem\AppData\Local\{D45B8A18-87B4-4C41-A8A1-0FC0F8F0F7B1}

2011-12-04 10:33:59 -------- d-----w- C:\Users\Maxlem\AppData\Local\{39041207-3934-48C1-BB8A-A1AA1648A92D}

2011-12-04 10:33:47 -------- d-----w- C:\Users\Maxlem\AppData\Local\{B0ABB81D-E36F-494B-A359-B7385FA355CA}

.

==================== Find3M ====================

.

2012-01-01 21:00:17 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-01-01 21:00:17 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-01-01 13:47:10 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-12-31 12:05:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-10 18:23:01 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

.

============= FINISH: 22:57:06,36 ===============

And I'll attach both DDS and Attach.

DDS.txt

Attach.txt


Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the log to your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


The FSS log:

Farbar Service Scanner

Ran by Maxlem (administrator) on 03-01-2012 at 13:45:00

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-14 01:09] - [2009-07-14 02:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-14 00:39] - [2009-07-14 02:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

RogueKiller:

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Maxlem [Admin rights]

Mode: Scan -- Date : 01/03/2012 13:46:00

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Maxlem\Desktop\explorer.exe.exe -min) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-278867483-3741661408-2011077839-1000[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Maxlem\Desktop\explorer.exe.exe -min) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 76997a558d607f4fc1c9659564101252

[bSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 172 Mo

1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 337920 | Size: 16821 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 33191936 | Size: 983208 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt
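The two logs in this post are meant to be read by hand, but the line formats are regular enough to triage automatically. The following Python script is an added example, not code from the thread, from MrC, or from the Farbar or RogueKiller tools. It parses the FSS layout shown above (services reported as not running, files whose MD5 matched FSS's known-good list, and files FSS could only hash, which then need comparing against a clean copy of the same Windows build) and flags RogueKiller `-> FOUND` autorun entries whose launch path shows the masquerading traits visible in this log: a double extension, a user-writable folder, and a system binary name outside the Windows directory. The sample excerpts are constructed to match the posted layout; the 32-hex hash is a placeholder, and the function names are mine.

```python
import re
import ntpath

# Constructed excerpt in the layout Farbar Service Scanner (FSS) uses; not the poster's log.
# The 32-hex value is a placeholder, not a real file hash.
FSS_SAMPLE = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

# Constructed RogueKiller "Registry Entries" excerpt modelled on the posted report.
RK_SAMPLE = r"""
[SUSP PATH] HKCU\[...]\Run : Spyware Doctor with AntiVirus (C:\Users\Maxlem\Desktop\explorer.exe.exe -min) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[ZeroAccess] sys32\consrv.dll present!
"""

SERVICE_DOWN_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
FILE_OK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => MD5 is legit$")
FILE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+)$")
FILE_DETAIL_RE = re.compile(r"\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Summarise an FSS log: services found stopped, files whose MD5 matched
    FSS's known-good list, and files FSS could only hash (those hashes must be
    checked against a clean copy of the same Windows build)."""
    stopped, verified, unverified = [], [], {}
    pending = None  # file path from the previous line, waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum copy has blank lines between entries; ignore them
        m = SERVICE_DOWN_RE.match(line)
        if m:
            stopped.append(m["svc"])
            continue
        m = FILE_OK_RE.match(line)
        if m:
            verified.append(m["path"])
            continue
        m = FILE_PATH_RE.match(line)
        if m:
            pending = m["path"]
            continue
        m = FILE_DETAIL_RE.search(line)
        if m and pending:
            unverified[pending] = m["md5"].upper()
            pending = None
    return {"stopped": stopped, "verified": verified, "unverified": unverified}


RK_FOUND_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>.+?) : (?P<name>.+?) \((?P<cmd>.*)\) -> FOUND$")
DOUBLE_EXT_RE = re.compile(r"\.(exe|dll|scr|com|bat|pif)\.(exe|scr|com|bat|pif)$", re.I)
USER_DIR_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(Desktop|Downloads|Documents|AppData)\\", re.I)
SYSTEM_NAMES = ("explorer.exe", "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe")


def suspicious_autoruns(text):
    """Return RogueKiller FOUND entries under a Run key whose launch path shows
    masquerading traits; entries without any such trait are not returned."""
    hits = []
    for raw in text.splitlines():
        m = RK_FOUND_RE.match(raw.strip())
        if not m or "\\Run" not in m["key"]:
            continue  # only autorun (Run key) entries are assessed here
        cmd = m["cmd"]
        # Executable part of the command line: a quoted path or the first token.
        path = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        reasons = []
        if DOUBLE_EXT_RE.search(path):
            reasons.append("double extension")
        if USER_DIR_RE.match(path):
            reasons.append("launched from a user-writable folder")
        base = ntpath.basename(path).lower()
        if base.startswith(SYSTEM_NAMES) and not ntpath.dirname(path).lower().startswith("c:\\windows"):
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            hits.append({"key": m["key"], "name": m["name"], "path": path, "reasons": reasons})
    return hits


if __name__ == "__main__":
    fss = parse_fss(FSS_SAMPLE)
    print("stopped services:", fss["stopped"])
    print("hash-only files:", fss["unverified"])
    for hit in suspicious_autoruns(RK_SAMPLE):
        print(f"{hit['name']!r} -> {hit['path']}: {', '.join(hit['reasons'])}")
```

On the constructed input the script reports MpsSvc and VSS as stopped, lists mpssvc.dll as hash-only, and flags the "Spyware Doctor with AntiVirus" Run entry on all three traits. The stopped firewall and System Restore services and the Run entry are exactly the items in the posted logs that the helper's later warning about losing connectivity refers to, so the parser is a way to pull them out of a long log consistently rather than a replacement for the tools themselves.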


I don't think I have the OS CD, but what do they mean with "Removing this infection can also disable the ability to connect to the internet."? Does it mean if the infection has been removed I can't use the internet?

Sometimes this does happen. I'm working on one right now and we lucked out... no problems.

http://forums.malwarebytes.org/index.php?showtopic=103652

I just have to inform you of this possibility; we'll take all the precautions we can before we start.

Why don't you have the CD??

MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
