
PUP.bitminer removal.



So I have tried multiple times to remove this with Malwarebytes, even tried it in safe mode, restarted, booted back into safe mode, and scanned again, and it was still there. I am also having a problem with a program called PING.exe; I read somewhere to scan with TDSSKiller and it did not detect it. Logs are attached.

Also forgot to add that I am making all the posts from the infected computer because I don't have a backup.

Attach.txt

DDS.txt


  • 2 weeks later...

OK, so now I am infected with System Check because of that damn PUP.bitminer trojan. I really need some help, guys. I will pay w/e for services, I don't care, I just need this fixed.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Administrator at 13:33:35 on 2012-01-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8169.6418 [GMT -8:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = http=127.0.0.1:60990

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mWinlogon: Userinit=userinit.exe,

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100

TCP: Interfaces\{9B182974-6EB6-44E1-95C4-0883A81C711D} : DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 188.119.151.113 www.google-analytics.com.

Hosts: 188.119.151.113 ad-emea.doubleclick.net.

Hosts: 188.119.151.113 www.statcounter.com.

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62am1ccv.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60990

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-4-23 586880]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-23 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-27 652872]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-5-9 130976]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

.

=============== Created Last 30 ================

.

2012-01-19 20:51:21 -------- d-----w- C:\Windows\pss

2012-01-19 00:58:01 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Need for Speed World

2012-01-19 00:36:47 -------- d-----w- C:\Users\Administrator\AppData\Local\Electronic_Arts_Inc

2012-01-18 23:07:30 -------- d-----w- C:\Program Files (x86)\97FE8

2012-01-18 23:07:12 -------- d-----w- C:\Users\Administrator\AppData\Local\SanctionedMedia

2012-01-18 23:06:59 -------- d-----w- C:\Users\Administrator\AppData\Roaming\0E097

2012-01-18 23:06:59 -------- d-----w- C:\Program Files (x86)\LP

2012-01-18 23:06:42 -------- d-----we C:\Windows\system64

2012-01-17 19:58:45 -------- d-----w- C:\Program Files\Common Files\Logitech

2012-01-17 02:25:10 -------- d-----w- C:\Program Files (x86)\MegaDev

2012-01-08 02:24:31 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-08 02:24:31 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-08 02:24:31 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-08 02:24:31 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

2011-12-28 15:49:44 -------- d-----w- C:\Users\Administrator\AppData\Local\My Games

2011-12-28 04:29:22 -------- d-----w- C:\ProgramData\scar5

2011-12-28 04:23:41 -------- d-----w- C:\Users\Administrator\AppData\Roaming\scar5

2011-12-28 04:23:41 -------- d-----w- C:\Program Files (x86)\scar5

2011-12-28 02:58:05 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes

2011-12-28 02:58:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-28 02:58:02 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-28 02:58:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2012-01-18 00:35:21 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-01-18 00:35:21 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-01-18 00:34:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-01-05 01:08:37 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-11-30 17:44:02 10497024 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-11-30 17:19:56 24887808 ----a-w- C:\Windows\System32\atio6axx.dll

2011-11-30 17:03:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-11-30 17:03:36 749568 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-11-30 17:01:54 893440 ----a-w- C:\Windows\System32\aticfx64.dll

2011-11-30 16:58:56 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-11-30 16:58:40 517120 ----a-w- C:\Windows\System32\atieclxx.exe

2011-11-30 16:58:02 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-11-30 16:58:00 18829312 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-11-30 16:56:46 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-11-30 16:56:26 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-11-30 16:56:20 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-11-30 16:56:08 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-11-30 16:56:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-11-30 16:55:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-11-30 16:55:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-11-30 16:51:20 4327936 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-11-30 16:40:50 5079552 ----a-w- C:\Windows\System32\atidxx64.dll

2011-11-30 16:33:46 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-11-30 16:33:14 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-11-30 16:33:02 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-11-30 16:31:18 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-11-30 16:31:16 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-11-30 16:31:06 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-11-30 16:31:04 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-11-30 16:30:52 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-11-30 16:28:56 4356096 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-11-30 16:27:02 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-11-30 16:24:58 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-11-30 16:22:08 5512704 ----a-w- C:\Windows\System32\atiumd64.dll

2011-11-30 16:20:04 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-11-30 16:14:14 486912 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-11-30 16:14:06 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-11-30 16:13:52 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-11-30 16:13:48 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-11-30 16:13:48 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-11-30 16:13:44 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-11-30 16:13:36 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-11-30 16:13:28 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-11-30 16:12:38 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-11-30 16:12:30 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-11-30 16:12:24 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-11-30 16:12:16 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-11-30 16:11:38 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-11-30 16:11:14 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-11-30 16:11:14 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-11-30 16:11:08 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-11-30 16:11:08 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-11-29 18:19:50 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-26 05:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll

2011-10-26 05:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2011-10-26 05:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll

2011-10-26 05:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll

2011-10-26 05:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll

2011-10-26 05:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll

.

============= FINISH: 13:33:48.06 ===============

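As an added example (not code from this thread, DDS or Malwarebytes), a short Python triage pass over the "Pseudo HJT Report" lines of the DDS log above: it flags the WinINet and Firefox proxy settings that point at 127.0.0.1:60990 and the HOSTS entries that redirect analytics and ad domains to public addresses. It assumes the line shapes exactly as DDS printed them here; the sample input is copied from the log, with one constructed localhost line added.

```python
"""Triage pass over DDS 'Pseudo HJT Report' lines (added example; not part of
the thread, DDS or Malwarebytes). Flags a browser proxy on the loopback
interface and HOSTS entries that redirect (rather than block) a domain."""
import re
from dataclasses import dataclass

# Addresses that stay on the local machine. A proxy here means a local
# process sits between the browser and the network; a HOSTS entry here
# only blocks a name, which is benign compared with a public-IP redirect.
LOOPBACK_PREFIXES = ("127.", "0.0.0.0", "localhost", "::1")

# Line shapes as they appear in the DDS report above (assumed stable).
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+?)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?\s*$")


@dataclass(frozen=True)
class Finding:
    kind: str    # ie_proxy_loopback | ff_proxy_loopback | hosts_redirect | hosts_conflict
    detail: str


def is_loopback(host):
    return host.strip().lower().startswith(LOOPBACK_PREFIXES)


def parse_ie_proxy(value):
    """WinINet ProxyServer value -> [(host, port), ...].

    Accepts both 'host:port' and 'http=host:port;https=host:port' forms."""
    pairs = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.split("=", 1)[1] if "=" in entry else entry
        host, _, port = hostport.rpartition(":")
        if not host:                      # no port given
            host, port = hostport, ""
        pairs.append((host, port))
    return pairs


def triage(lines):
    findings = []
    ff_prefs = {}
    hosts_map = {}                        # domain -> set of IPs
    for raw in lines:
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for host, port in parse_ie_proxy(m.group(1)):
                if is_loopback(host):
                    findings.append(Finding("ie_proxy_loopback", f"{host}:{port}"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2)
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, domain = m.group(1), m.group(2).lower()
            hosts_map.setdefault(domain, set()).add(ip)
            if not is_loopback(ip):
                findings.append(Finding("hosts_redirect", f"{domain} -> {ip}"))
    # Firefox stores host and port separately; network.proxy.type 0 means
    # "no proxy", so a loopback host there is dormant until the type changes.
    host = ff_prefs.get("network.proxy.http")
    if host and is_loopback(host):
        port = ff_prefs.get("network.proxy.http_port", "?")
        active = ff_prefs.get("network.proxy.type", "0") != "0"
        state = "active" if active else "configured but disabled (type 0)"
        findings.append(Finding("ff_proxy_loopback", f"{host}:{port} {state}"))
    # One name mapped to several addresses is the "multiple HOSTS entries"
    # condition DDS itself notes in the report above.
    for domain, ips in hosts_map.items():
        if len(ips) > 1:
            findings.append(Finding("hosts_conflict", f"{domain} -> {sorted(ips)}"))
    return findings


# Lines copied from the DDS report in this thread; the final localhost
# line is constructed to show that a loopback HOSTS entry is not flagged.
SAMPLE_DDS_LINES = """\
uInternet Settings,ProxyServer = http=127.0.0.1:60990
mWinlogon: Userinit=userinit.exe,
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60990
FF - prefs.js: network.proxy.type - 0
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"[{f.kind}] {f.detail}")
```

Run against the full log, the same pass would also be the place to check that the loopback port has a listening process behind it, which is the real question a loopback proxy raises.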


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Well, System Check has completely hijacked my PC. It has hidden every icon on my desktop and all my folders under the C: drive. It also gives me a bunch of fake error messages. It won't let me use Task Manager and it keeps quite a few programs from running. I tried to update MBAM but I get this error message:

"An error has occured. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

PROGRAM_ERROR_UPDATING (5, 0, MBAMFileIO::WriteFile)

Access is denied."

So I scanned anyway, and here is what came back. Should I also scan with DDS?

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.28.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Administrator :: M-censoredING-E-PC [administrator]

Protection: Enabled

1/29/2012 12:54:12 PM

mbam-log-2012-01-29 (12-54-12).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 374624

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)


OK, so I recently ran MBAM and noticed that kwrd.dll was gone, and MBAM found two PUM.Hijacks that it removed. I restarted and scanned again and MBAM found nothing. But I still occasionally get redirected to the same site, though I don't think it is an attack site because MBAM doesn't pop up with a blocked notice. Any idea what the heck happened? It can't have just disappeared, can it?


Trying to remove this infection can cause your PC to not boot or disable the Internet.

If that happens, you'll need to do a Repair Install.

How to Do a Repair Install to Fix Windows 7

http://www.sevenforums.com/tutorials/3413-repair-install.html

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


TDSSKiller says it detected nothing.

14:17:14.0622 4648 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36

14:17:14.0998 4648 ============================================================

14:17:14.0998 4648 Current date / time: 2012/01/30 14:17:14.0998

14:17:14.0998 4648 SystemInfo:

14:17:14.0998 4648

14:17:14.0998 4648 OS Version: 6.1.7600 ServicePack: 0.0

14:17:14.0998 4648 Product type: Workstation

14:17:14.0998 4648 ComputerName: M-censoredING-E-PC

14:17:14.0998 4648 UserName: Administrator

14:17:14.0998 4648 Windows directory: C:\Windows

14:17:14.0998 4648 System windows directory: C:\Windows

14:17:14.0998 4648 Running under WOW64

14:17:14.0998 4648 Processor architecture: Intel x64

14:17:14.0998 4648 Number of processors: 4

14:17:14.0998 4648 Page size: 0x1000

14:17:14.0998 4648 Boot type: Normal boot

14:17:14.0998 4648 ============================================================

14:17:15.0159 4648 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

14:17:15.0175 4648 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:17:15.0190 4648 \Device\Harddisk1\DR1:

14:17:15.0190 4648 MBR used

14:17:15.0190 4648 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:17:15.0190 4648 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800

14:17:15.0190 4648 \Device\Harddisk0\DR0:

14:17:15.0191 4648 MBR used

14:17:15.0191 4648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

14:17:15.0299 4648 Initialize success

14:17:15.0299 4648 ============================================================

14:17:20.0062 1844 ============================================================

14:17:20.0062 1844 Scan started

14:17:20.0062 1844 Mode: Manual; SigCheck; TDLFS;

14:17:20.0062 1844 ============================================================

14:17:20.0384 1844 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

14:17:20.0417 1844 1394ohci - ok

14:17:20.0428 1844 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

14:17:20.0437 1844 ACPI - ok

14:17:20.0446 1844 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

14:17:20.0463 1844 AcpiPmi - ok

14:17:20.0476 1844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

14:17:20.0487 1844 adp94xx - ok

14:17:20.0499 1844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

14:17:20.0508 1844 adpahci - ok

14:17:20.0528 1844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

14:17:20.0535 1844 adpu320 - ok

14:17:20.0550 1844 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

14:17:20.0603 1844 AFD - ok

14:17:20.0612 1844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

14:17:20.0617 1844 agp440 - ok

14:17:20.0626 1844 AiCharger (a41b855edc1f141851e27f984827942c) C:\Windows\system32\DRIVERS\AiCharger.sys

14:17:20.0638 1844 AiCharger - ok

14:17:20.0647 1844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

14:17:20.0651 1844 aliide - ok

14:17:20.0662 1844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

14:17:20.0667 1844 amdide - ok

14:17:20.0676 1844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

14:17:20.0683 1844 AmdK8 - ok

14:17:20.0820 1844 amdkmdag (eac31afcf791633cdff37facb3443532) C:\Windows\system32\DRIVERS\atikmdag.sys

14:17:20.0963 1844 amdkmdag - ok

14:17:20.0975 1844 amdkmdap (0f5901b4fad08aa6f28edf67f0aa3be3) C:\Windows\system32\DRIVERS\atikmpag.sys

14:17:20.0983 1844 amdkmdap - ok

14:17:20.0992 1844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

14:17:21.0000 1844 AmdPPM - ok

14:17:21.0009 1844 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

14:17:21.0015 1844 amdsata - ok

14:17:21.0025 1844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

14:17:21.0032 1844 amdsbs - ok

14:17:21.0041 1844 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

14:17:21.0045 1844 amdxata - ok

14:17:21.0055 1844 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

14:17:21.0080 1844 AppID - ok

14:17:21.0091 1844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

14:17:21.0097 1844 arc - ok

14:17:21.0106 1844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

14:17:21.0111 1844 arcsas - ok

14:17:21.0114 1844 AsIO - ok

14:17:21.0117 1844 AsUpIO - ok

14:17:21.0126 1844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

14:17:21.0148 1844 AsyncMac - ok

14:17:21.0157 1844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

14:17:21.0161 1844 atapi - ok

14:17:21.0173 1844 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys

14:17:21.0179 1844 AtiHDAudioService - ok

14:17:30.0150 1844 ============================================================

14:17:30.0150 1844 Scan finished

14:17:30.0150 1844 ============================================================

14:17:30.0155 1092 Detected object count: 0

14:17:30.0155 1092 Actual detected object count: 0


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I don't notice any changes in the way my PC operates. I would have to open a lot of webpages to find out if I still get the occasional re-direct. Also want to add that I forgot to mention that I manually removed System Check with the Fileassassin tool before I noticed that kwrd.dll disappeared.

ComboFix 12-01-30.02 - Administrator 01/30/2012 14:31:21.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8169.5439 [GMT -8:00]

Running from: c:\users\Administrator\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

B:\Setup.exe

C:\Install.exe

c:\program files (x86)\LP

c:\program files (x86)\LP\46D0\2040.tmp

c:\program files (x86)\LP\46D0\2A5A.tmp

c:\program files (x86)\LP\46D0\A594.tmp

c:\programdata\~4JVFhmrawbMd2j

c:\programdata\~4JVFhmrawbMd2jr

c:\windows\assembly\temp\@

c:\windows\assembly\temp\bckfg.tmp

c:\windows\assembly\temp\cfg.ini

c:\windows\assembly\temp\keywords

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))

.

.

2012-01-30 02:46 . 2012-01-30 02:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\IDM

2012-01-30 02:46 . 2012-01-30 02:52 -------- d-----w- c:\program files (x86)\Internet Download Manager

2012-01-29 09:11 . 2012-01-30 22:15 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer

2012-01-19 00:58 . 2012-01-19 00:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\Need for Speed World

2012-01-19 00:36 . 2012-01-19 00:36 -------- d-----w- c:\users\Administrator\AppData\Local\Electronic_Arts_Inc

2012-01-18 23:07 . 2012-01-18 23:07 -------- d-----w- c:\users\Administrator\AppData\Local\SanctionedMedia

2012-01-18 23:06 . 2012-01-19 00:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\0E097

2012-01-17 19:58 . 2012-01-17 19:58 -------- d-----w- c:\program files\Common Files\Logitech

2012-01-17 02:25 . 2012-01-17 02:25 -------- d-----w- c:\program files (x86)\MegaDev

2012-01-08 02:24 . 2012-01-08 02:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-08 02:24 . 2012-01-08 02:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-08 02:24 . 2012-01-08 02:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-08 02:24 . 2012-01-08 02:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 02:00 . 2011-04-24 16:28 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-01-30 02:00 . 2011-04-24 15:57 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-01-30 01:59 . 2011-04-24 15:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-01-05 01:08 . 2011-04-24 15:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-12-10 23:24 . 2011-12-28 02:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-30 17:44 . 2011-11-30 17:44 10497024 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-11-30 17:19 . 2011-11-30 17:19 24887808 ----a-w- c:\windows\system32\atio6axx.dll

2011-11-30 17:03 . 2011-11-30 17:03 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-11-30 17:03 . 2011-11-30 17:03 749568 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-11-30 17:01 . 2011-11-30 17:01 893440 ----a-w- c:\windows\system32\aticfx64.dll

2011-11-30 16:58 . 2011-11-30 16:58 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-11-30 16:58 . 2011-11-30 16:58 517120 ----a-w- c:\windows\system32\atieclxx.exe

2011-11-30 16:58 . 2011-11-30 16:58 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-11-30 16:58 . 2011-11-30 16:58 18829312 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-11-30 16:56 . 2011-11-30 16:56 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-11-30 16:56 . 2011-11-30 16:56 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-11-30 16:56 . 2011-11-30 16:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-11-30 16:56 . 2011-11-30 16:56 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-11-30 16:56 . 2011-11-30 16:56 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-11-30 16:55 . 2011-11-30 16:55 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-11-30 16:55 . 2011-11-30 16:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-11-30 16:51 . 2011-11-30 16:51 4327936 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-11-30 16:40 . 2011-11-30 16:40 5079552 ----a-w- c:\windows\system32\atidxx64.dll

2011-11-30 16:33 . 2011-11-30 16:33 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-11-30 16:33 . 2011-11-30 16:33 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-11-30 16:33 . 2011-11-30 16:33 4044288 ----a-w- c:\windows\system32\atiumd6a.dll

2011-11-30 16:31 . 2011-11-30 16:31 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-11-30 16:31 . 2011-11-30 16:31 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-11-30 16:31 . 2011-11-30 16:31 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-11-30 16:31 . 2011-11-30 16:31 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-11-30 16:30 . 2011-11-30 16:30 9978880 ----a-w- c:\windows\system32\aticaldd64.dll

2011-11-30 16:28 . 2011-11-30 16:28 4356096 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-11-30 16:27 . 2011-11-30 16:27 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-11-30 16:24 . 2011-11-30 16:24 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-11-30 16:22 . 2011-11-30 16:22 5512704 ----a-w- c:\windows\system32\atiumd64.dll

2011-11-30 16:20 . 2011-11-30 16:20 58880 ----a-w- c:\windows\system32\coinst.dll

2011-11-30 16:14 . 2011-11-30 16:14 486912 ----a-w- c:\windows\system32\atiadlxx.dll

2011-11-30 16:14 . 2011-11-30 16:14 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-11-30 16:13 . 2011-11-30 16:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-11-30 16:13 . 2011-11-30 16:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-11-30 16:12 . 2011-11-30 16:12 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-11-30 16:12 . 2011-11-30 16:12 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-11-30 16:12 . 2011-11-30 16:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-11-30 16:12 . 2011-11-30 16:12 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-11-30 16:11 . 2011-11-30 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-11-30 16:11 . 2011-11-30 16:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-11-30 16:11 . 2011-11-30 16:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-11-30 16:11 . 2011-11-30 16:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-11-30 16:11 . 2011-11-30 16:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-11-29 18:19 . 2011-11-09 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-24 3077528]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-30 343168]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944524311-2623610160-1399968897-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 23:26]

.

2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944524311-2623610160-1399968897-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 23:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]

"combofix"="c:\combofix\CF17364.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = http=127.0.0.1:60990

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62am1ccv.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60990

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-KndCLIWLJesl.exe - c:\programdata\KndCLIWLJesl.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-BattlEye - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-Simple File Shredder - c:\program files (x86)\scar5\Simple File Shredder\uninst.exe

AddRemove-{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1 - c:\program files (x86)\steam\steamapps\common\wings of prey\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,14,5c,e8,00,d2,92,4b,ac,b0,8e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,14,5c,e8,00,d2,92,4b,ac,b0,8e,\

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.avi"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_div_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_divx_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mkv"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mp4"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\notepad.exe"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_qt_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\firefox.exe"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_tix_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):68,60,49,79,d7,0d,6a,fb,63,99,fb,76,80,ec,cc,c3,b0,97,09,4c,4a,

04,3d,a3,72,15,c5,a0,d8,19,90,b8,12,12,97,f9,c1,8c,d6,0e,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500_Classes\Wow6432Node\CLSID\{76aacfd0-4186-4756-952c-174ee63426af}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000010c

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ca,dc,ff,68,c2,35,c7,44,50,bd,c6,da,83,52,53,b6,04,61,b2,ac,39,ed,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

.

**************************************************************************

.

Completion time: 2012-01-30 14:36:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-30 22:36

.

Pre-Run: 12,797,595,648 bytes free

Post-Run: 12,524,773,376 bytes free

.

- - End Of File - - 719AF95E711ABDC97103BE12430541A4


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:60990

FireFox::
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62am1ccv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60990
FF - prefs.js: network.proxy.type - 0

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

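The CFScript above targets one thing in both places it appears in the DDS output: a proxy pointed at 127.0.0.1:60990, once in the WinINet (IE/system) settings and once in the Firefox profile. A proxy on the loopback address is how an infection of this kind sits between the browser and the network, and spotting it in the log is the detection step that the DDS:: and FireFox:: sections of the script then undo. The following is an added example, not code from this thread or from ComboFix/DDS: a Python script that scans DDS/ComboFix "Supplementary Scan" lines, and separately a raw Firefox prefs.js, for a loopback proxy. The sample lines are constructed, modelled on the thread's entries (the port and profile name are the thread's own) plus one benign corporate proxy that must not be flagged; the `Finding` class and the function names are this example's, not DDS's.

```python
"""Scan DDS/ComboFix log lines and a Firefox prefs.js for a loopback proxy.

Added example for this thread, not code from the thread or from ComboFix.
A proxy on 127.0.0.1 is how the infection discussed here sits between the
browser and the network; finding it in the logs is the detection step that
the CFScript's DDS:: and FireFox:: sections then undo.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample lines in the DDS/ComboFix "Supplementary Scan" format,
# modelled on the thread's own entries plus one benign corporate proxy.
SAMPLE_LOG_LINES = [
    r"uLocal Page = c:\windows\system32\blank.htm",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:60990",
    r"mInternet Settings,ProxyServer = proxy.corp.example:8080",
    r"FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62am1ccv.default",
    r"FF - prefs.js: network.proxy.http - 127.0.0.1",
    r"FF - prefs.js: network.proxy.http_port - 60990",
    r"FF - prefs.js: network.proxy.type - 0",
]

# Constructed sample prefs.js; DDS summarises this file in its "FF -" lines.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 60990);
user_pref("network.proxy.type", 1);
"""

PROXY_LINE_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
FF_LINE_RE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<value>.+)$")
USER_PREF_RE = re.compile(r'user_pref\("(?P<key>[^"]+)",\s*(?P<value>"[^"]*"|\d+|true|false)\);')


@dataclass
class Finding:
    source: str             # "wininet" (IE/system proxy) or "firefox"
    scheme: str             # "http", "https", ... or "*" for the single-host form
    host: str
    port: str
    active: Optional[bool]  # None when the log does not say whether the proxy is enabled


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    host = host.strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def parse_proxy_server(value: str) -> List[tuple]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Handles both "host:port" and the per-protocol "http=host:port;https=host:port".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")  # scheme is "" in the single form
        host, sep, port = hostport.rpartition(":")
        if not sep:                                  # no port given
            host, port = hostport, ""
        entries.append((scheme or "*", host, port))
    return entries


def _firefox_findings(prefs: dict) -> List[Finding]:
    """Flag a loopback HTTP proxy; network.proxy.type 1 means it is in force."""
    host = prefs.get("network.proxy.http", "")
    if not is_loopback(host):
        return []
    active = prefs.get("network.proxy.type") == "1"
    return [Finding("firefox", "http", host, prefs.get("network.proxy.http_port", ""), active)]


def scan_log_lines(lines) -> List[Finding]:
    """Return loopback-proxy findings from DDS/ComboFix Supplementary Scan lines."""
    findings: List[Finding] = []
    ff_prefs = {}
    for line in lines:
        line = line.rstrip()
        m = PROXY_LINE_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group("value")):
                if is_loopback(host):
                    findings.append(Finding("wininet", scheme, host, port, None))
            continue
        m = FF_LINE_RE.match(line)
        if m:
            ff_prefs[m.group("key")] = m.group("value").strip()
    return findings + _firefox_findings(ff_prefs)


def scan_prefs_js(text: str) -> List[Finding]:
    """Return loopback-proxy findings from the raw contents of a Firefox prefs.js."""
    prefs = {m.group("key"): m.group("value").strip('"') for m in USER_PREF_RE.finditer(text)}
    return _firefox_findings(prefs)


if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG_LINES) + scan_prefs_js(SAMPLE_PREFS_JS):
        state = {True: "active", False: "configured but disabled", None: "enable state unknown"}[f.active]
        print(f"{f.source}: {f.scheme} proxy {f.host}:{f.port} ({state})")
```

Two details worth noting. Firefox's network.proxy.type is 0 for "no proxy" and 1 for a manual proxy, so the thread's own DDS lines (type 0) show the Firefox proxy was written but not in force, while the WinINet ProxyServer entry is what Internet Explorer and anything else using the system proxy would have followed; the DDS line does not show the matching ProxyEnable value, which is why the WinINet finding is reported with an unknown enable state. On a live machine the same WinINet values sit under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (ProxyServer and ProxyEnable), and the prefs.js parser above can be pointed at the profile path that the FF - ProfilePath line reports.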

ComboFix 12-01-30.02 - Administrator 01/30/2012 14:52:03.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8169.6355 [GMT -8:00]

Running from: c:\users\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\users\Administrator\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))

.

.

2012-01-30 22:54 . 2012-01-30 22:54 -------- d-----w- c:\users\M-censoreding-E\AppData\Local\temp

2012-01-30 22:54 . 2012-01-30 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-30 02:46 . 2012-01-30 02:46 -------- d-----w- c:\users\Administrator\AppData\Roaming\IDM

2012-01-30 02:46 . 2012-01-30 02:52 -------- d-----w- c:\program files (x86)\Internet Download Manager

2012-01-29 09:11 . 2012-01-30 22:15 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer

2012-01-19 00:58 . 2012-01-19 00:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\Need for Speed World

2012-01-19 00:36 . 2012-01-19 00:36 -------- d-----w- c:\users\Administrator\AppData\Local\Electronic_Arts_Inc

2012-01-18 23:07 . 2012-01-18 23:07 -------- d-----w- c:\users\Administrator\AppData\Local\SanctionedMedia

2012-01-18 23:06 . 2012-01-19 00:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\0E097

2012-01-17 19:58 . 2012-01-17 19:58 -------- d-----w- c:\program files\Common Files\Logitech

2012-01-17 02:25 . 2012-01-17 02:25 -------- d-----w- c:\program files (x86)\MegaDev

2012-01-08 02:24 . 2012-01-08 02:24 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-08 02:24 . 2012-01-08 02:24 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-08 02:24 . 2012-01-08 02:24 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-08 02:24 . 2012-01-08 02:24 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 02:00 . 2011-04-24 16:28 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-01-30 02:00 . 2011-04-24 15:57 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-01-30 01:59 . 2011-04-24 15:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-01-05 01:08 . 2011-04-24 15:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-12-10 23:24 . 2011-12-28 02:58 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-30 17:44 . 2011-11-30 17:44 10497024 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2011-11-30 17:19 . 2011-11-30 17:19 24887808 ----a-w- c:\windows\system32\atio6axx.dll

2011-11-30 17:03 . 2011-11-30 17:03 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2011-11-30 17:03 . 2011-11-30 17:03 749568 ----a-w- c:\windows\SysWow64\aticfx32.dll

2011-11-30 17:01 . 2011-11-30 17:01 893440 ----a-w- c:\windows\system32\aticfx64.dll

2011-11-30 16:58 . 2011-11-30 16:58 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-11-30 16:58 . 2011-11-30 16:58 517120 ----a-w- c:\windows\system32\atieclxx.exe

2011-11-30 16:58 . 2011-11-30 16:58 204288 ----a-w- c:\windows\system32\atiesrxx.exe

2011-11-30 16:58 . 2011-11-30 16:58 18829312 ----a-w- c:\windows\SysWow64\atioglxx.dll

2011-11-30 16:56 . 2011-11-30 16:56 120320 ----a-w- c:\windows\system32\atitmm64.dll

2011-11-30 16:56 . 2011-11-30 16:56 423424 ----a-w- c:\windows\system32\atipdl64.dll

2011-11-30 16:56 . 2011-11-30 16:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll

2011-11-30 16:56 . 2011-11-30 16:56 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll

2011-11-30 16:56 . 2011-11-30 16:56 21504 ----a-w- c:\windows\system32\atimuixx.dll

2011-11-30 16:55 . 2011-11-30 16:55 59392 ----a-w- c:\windows\system32\atiedu64.dll

2011-11-30 16:55 . 2011-11-30 16:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2011-11-30 16:51 . 2011-11-30 16:51 4327936 ----a-w- c:\windows\SysWow64\atidxx32.dll

2011-11-30 16:40 . 2011-11-30 16:40 5079552 ----a-w- c:\windows\system32\atidxx64.dll

2011-11-30 16:33 . 2011-11-30 16:33 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2011-11-30 16:33 . 2011-11-30 16:33 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2011-11-30 16:33 . 2011-11-30 16:33 4044288 ----a-w- c:\windows\system32\atiumd6a.dll

2011-11-30 16:31 . 2011-11-30 16:31 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2011-11-30 16:31 . 2011-11-30 16:31 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2011-11-30 16:31 . 2011-11-30 16:31 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2011-11-30 16:31 . 2011-11-30 16:31 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2011-11-30 16:30 . 2011-11-30 16:30 9978880 ----a-w- c:\windows\system32\aticaldd64.dll

2011-11-30 16:28 . 2011-11-30 16:28 4356096 ----a-w- c:\windows\SysWow64\atiumdag.dll

2011-11-30 16:27 . 2011-11-30 16:27 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll

2011-11-30 16:24 . 2011-11-30 16:24 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll

2011-11-30 16:22 . 2011-11-30 16:22 5512704 ----a-w- c:\windows\system32\atiumd64.dll

2011-11-30 16:20 . 2011-11-30 16:20 58880 ----a-w- c:\windows\system32\coinst.dll

2011-11-30 16:14 . 2011-11-30 16:14 486912 ----a-w- c:\windows\system32\atiadlxx.dll

2011-11-30 16:14 . 2011-11-30 16:14 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2011-11-30 16:13 . 2011-11-30 16:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 39936 ----a-w- c:\windows\system32\atig6txx.dll

2011-11-30 16:13 . 2011-11-30 16:13 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll

2011-11-30 16:13 . 2011-11-30 16:13 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2011-11-30 16:12 . 2011-11-30 16:12 40960 ----a-w- c:\windows\system32\atiuxp64.dll

2011-11-30 16:12 . 2011-11-30 16:12 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2011-11-30 16:12 . 2011-11-30 16:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll

2011-11-30 16:12 . 2011-11-30 16:12 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2011-11-30 16:11 . 2011-11-30 16:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2011-11-30 16:11 . 2011-11-30 16:11 54784 ----a-w- c:\windows\system32\atimpc64.dll

2011-11-30 16:11 . 2011-11-30 16:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2011-11-30 16:11 . 2011-11-30 16:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2011-11-30 16:11 . 2011-11-30 16:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2011-11-29 18:19 . 2011-11-09 02:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-30_22.35.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-01-30 22:36 33458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-04-24 06:03 . 2012-01-30 22:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-04-24 06:03 . 2012-01-30 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-04-24 06:03 . 2012-01-30 21:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-24 06:03 . 2012-01-30 22:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-10 22:33 . 2012-01-30 22:36 7348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2944524311-2623610160-1399968897-500_UserData.bin

- 2011-06-10 22:33 . 2012-01-30 21:57 7348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2944524311-2623610160-1399968897-500_UserData.bin

+ 2012-01-30 22:55 . 2012-01-30 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-01-30 22:35 . 2012-01-30 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-30 22:55 . 2012-01-30 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-30 22:35 . 2012-01-30 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 02:36 . 2012-01-30 21:59 636154 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-01-30 22:39 636154 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-01-30 22:39 110334 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-01-30 21:59 110334 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-01-30 22:34 253092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-30 22:54 253092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-11 08:19 . 2012-01-30 22:54 13185496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2944524311-2623610160-1399968897-500-12288.dat

- 2011-06-11 08:19 . 2012-01-30 22:34 13185496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2944524311-2623610160-1399968897-500-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-24 3077528]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-01-11 28201096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-10-19 465536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-30 343168]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]

S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944524311-2623610160-1399968897-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 23:26]

.

2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944524311-2623610160-1399968897-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 23:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\62am1ccv.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,14,5c,e8,00,d2,92,4b,ac,b0,8e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d0,14,5c,e8,00,d2,92,4b,ac,b0,8e,\

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.avi"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_div_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_divx_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mkv"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mp4"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\notepad.exe"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_qt_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\firefox.exe"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_tix_file"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):68,60,49,79,d7,0d,6a,fb,63,99,fb,76,80,ec,cc,c3,b0,97,09,4c,4a,

04,3d,a3,72,15,c5,a0,d8,19,90,b8,12,12,97,f9,c1,8c,d6,0e,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2944524311-2623610160-1399968897-500_Classes\Wow6432Node\CLSID\{76aacfd0-4186-4756-952c-174ee63426af}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000010c

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,ca,dc,ff,68,c2,35,c7,44,50,bd,c6,da,83,52,53,b6,04,61,b2,ac,39,ed,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2012-01-30 14:56:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-30 22:56

ComboFix2.txt 2012-01-30 22:36

.

Pre-Run: 12,552,773,632 bytes free

Post-Run: 13,160,419,328 bytes free

.

- - End Of File - - 988826F2B170DB914EA90AB6DADDB700


I don't know much about Nod32, but if you feel it's a good AV then install it.

Here's a couple free ones just in case.

Only run one Anti-Virus at a time.

Use an AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one, having more than one can cause problems, such as crashes and your computer to slow down.


You also need to uninstall Combofix.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the /; it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security - What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.