
Possible virus infection?



So, my PC is a rather fresh install...I reinstalled my PC about a month ago. I had a virus that would hide the sound options on my desktop and would make my mouse cursor and scrolling really jumpy. I never found the virus, and my PC was slow and everything I did would cause my PC to lock up. That was fixed...however. My PC has been acting a bit strange, again.

SVCHost seems to be using more disk than usual. When I first reinstalled, my hard drive was fine...but now when SVCHost begins to run, my hard drive starts getting rather loud, like it is loading a lot of things...even if all I'm doing is surfing the internet or just letting it idle. But, my PC doesn't seem to be doing anything like it did before...my sound doesn't disappear, my mouse acts normal and it doesn't randomly lock up. And some small weird things happen, like Steam forgetting all my settings for each game and redownloading files I already had...but that might have been a Steam thing, but no one else reported it.

So, earlier, my IT guy scanned with Malwarebytes; it found nothing.

(Malwarebytes log)

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.19.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Cody :: CODY-PC [administrator]

2/19/2012 5:12:25 PM

mbam-log-2012-02-19 (17-12-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203231

Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

He then scanned with Norton AntiVirus 2012, but that too found nothing.

However, he finally decided to scan with Combofix. And the same exact virus Combofix found before I reinstalled my PC (new hard drive as well) was back. It quarantined it as "install.exe.vir", and that same one kept popping up before. None of the virus scanners find it, only Combofix ever found it. And I can never actually see the file when it's in the folder. And now it seems to be back. He wasn't able to pursue it further due to an emergency call; he had to leave after trying to find the source. He suggested I come here and see if you guys have any idea of how to get rid of the install.exe virus, and if he gets back and Combofix still finds it, he'll go further...unless it is already fixed.

I'll post the Combofix log in the second and third post if it is too long for one post.

ComboFix 12-02-19.02 - Cody 02/19/2012 16:43:32.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8126.6245 [GMT -8:00]

Running from: c:\users\Cody\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))

.

.

2012-02-19 23:38 . 2012-02-19 23:38 -------- d-----w- c:\users\Cody\AppData\Local\dxhr

2012-02-19 23:36 . 2012-02-19 23:36 -------- d-----w- c:\users\Cody\AppData\Local\28050

2012-02-19 23:33 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2012-02-19 23:33 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2012-02-19 23:33 . 2008-07-12 16:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2012-02-19 23:33 . 2008-07-12 16:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2012-02-19 23:33 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2012-02-19 23:33 . 2008-07-12 16:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-02-19 16:16 . 2012-02-19 16:16 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP

2012-02-17 23:55 . 2012-02-17 23:55 -------- d-----w- c:\users\Cody\AppData\Local\Google

2012-02-17 14:45 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBA1A4D7-4C24-4B9E-8713-AE6D8D97DD80}\mpengine.dll

2012-02-16 04:09 . 2012-02-19 16:16 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2012-02-15 15:37 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 15:37 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 15:37 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 15:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 15:37 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 15:37 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 15:37 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 15:37 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-14 16:00 . 2012-02-14 15:59 314360 ----a-w- c:\windows\system32\EvoDisplayHelper.dll

2012-02-14 16:00 . 2012-02-14 15:59 197112 ----a-w- c:\windows\SysWow64\EvoDisplayHelper.dll

2012-02-14 15:58 . 2012-02-14 15:58 -------- d-----w- c:\programdata\Echobit

2012-02-14 15:58 . 2012-02-14 15:58 -------- d-----w- c:\users\Cody\AppData\Local\Echobit

2012-02-13 05:22 . 2012-02-13 05:22 -------- d-----w- c:\users\Cody\AppData\Local\SKIDROW

2012-02-13 05:22 . 2012-02-13 05:22 -------- d-----w- c:\users\Cody\AppData\Local\BigHugeEngine

2012-02-12 18:26 . 2012-02-17 22:41 -------- d-----w- c:\users\Cody\AppData\Roaming\uTorrent

2012-02-11 05:15 . 2012-02-11 05:15 -------- d-----w- c:\users\Cody\AppData\Local\Funcom

2012-02-11 05:15 . 2012-02-18 17:16 -------- d-----w- c:\programdata\media center programs

2012-02-11 05:15 . 2012-02-11 05:15 -------- d-----w- c:\program files (x86)\Funcom

2012-02-09 21:32 . 2012-02-09 21:32 -------- d-----w- C:\.jagex_cache_32

2012-02-09 21:31 . 2012-02-09 21:31 -------- d-----w- c:\users\Cody\jagexcache

2012-02-08 03:28 . 2012-02-08 03:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-02-08 03:28 . 2012-02-08 03:28 660368 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-08 03:28 . 2012-02-08 03:28 -------- d-----w- c:\program files\Java

2012-02-06 15:44 . 2012-02-14 16:03 -------- d-----w- c:\users\Cody\AppData\Roaming\Xfire

2012-02-06 15:44 . 2012-02-06 15:50 -------- d-----w- c:\programdata\Xfire

2012-02-06 15:44 . 2012-02-06 15:44 -------- d-----w- c:\program files (x86)\Xfire

2012-02-05 21:13 . 2012-02-05 21:13 -------- d-----w- c:\users\Cody\.haven

2012-02-03 09:31 . 2012-02-03 09:31 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll

2012-02-03 09:31 . 2012-02-03 09:31 28056 ----a-w- c:\windows\system32\xfcodec64.dll

2012-01-29 04:40 . 2012-02-10 02:23 -------- d-----w- c:\users\Cody\AppData\Roaming\.minecraft

2012-01-29 04:39 . 2012-01-29 04:39 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-01-29 04:39 . 2012-01-29 04:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-29 04:39 . 2012-01-29 04:39 -------- d-----w- c:\program files (x86)\Java

2012-01-28 15:28 . 2012-02-08 15:46 -------- d-----w- c:\windows\system32\drivers\NAVx64\1305000.091

2012-01-27 06:16 . 2012-01-27 06:16 -------- d-----w- c:\programdata\Macrium

2012-01-27 06:14 . 2012-01-27 06:14 -------- d-----w- c:\program files\Macrium

2012-01-27 05:52 . 2012-01-27 05:52 -------- d-----w- c:\users\Cody\AppData\Roaming\MinMaxGames

2012-01-26 12:17 . 2012-01-26 12:17 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-01-26 05:15 . 2012-01-27 05:50 -------- d-----w- c:\users\Cody\AppData\Roaming\NVIDIA

2012-01-26 04:55 . 2012-01-26 04:55 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-01-26 04:55 . 2012-02-19 16:16 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-01-26 04:30 . 2012-01-26 04:30 -------- d-----w- c:\users\Cody\AppData\Local\Desura

2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\program files (x86)\Common Files\Desura

2012-01-26 04:27 . 2012-01-26 04:27 -------- d-----w- c:\programdata\Desura

2012-01-26 04:27 . 2012-01-26 04:39 -------- d-----w- c:\program files (x86)\Desura

2012-01-22 01:43 . 2012-02-04 04:09 -------- d-----w- C:\Fraps

2012-01-21 01:30 . 2012-01-31 08:38 -------- d-----w- c:\users\Cody\AppData\Roaming\vlc

2012-01-21 01:29 . 2012-01-21 01:29 -------- d-----w- c:\program files (x86)\VideoLAN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-14 16:00 . 2012-01-18 03:48 197112 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-02-14 16:00 . 2012-01-18 03:48 197112 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-02-14 16:00 . 2009-07-13 21:59 345080 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-02-07 17:04 . 2012-01-18 03:56 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-01-29 13:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-26 14:53 . 2012-01-18 03:48 7712576 ----a-w- c:\windows\SysWow64\nvwgf2um_evolve.dll

2012-01-26 14:53 . 2012-01-18 03:48 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-01-26 14:53 . 2012-01-18 03:48 2300736 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-01-26 14:53 . 2012-01-18 03:48 1737536 ----a-w- c:\windows\system32\nvdispco64.dll

2012-01-26 14:53 . 2012-01-18 03:48 15007552 ----a-w- c:\windows\SysWow64\nvd3dum_evolve.dll

2012-01-26 14:53 . 2012-01-18 03:48 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-01-26 14:53 . 2009-07-13 21:59 9716544 ----a-w- c:\windows\system32\nvwgf2umx_evolve.dll

2012-01-26 11:48 . 2012-01-18 03:50 6063936 ----a-w- c:\windows\system32\nvcpl.dll

2012-01-26 11:40 . 2012-01-18 03:50 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-01-26 11:37 . 2012-01-18 03:50 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-01-26 11:37 . 2012-01-18 03:50 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-01-26 11:37 . 2012-01-18 03:50 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-01-26 11:37 . 2012-01-18 03:50 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-01-18 04:27 . 2012-01-18 03:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-18 04:01 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-18 02:55 . 2012-01-18 02:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-01-18 02:55 . 2012-01-18 02:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-01-18 02:55 . 2012-01-18 02:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-01-18 02:55 . 2012-01-18 02:55 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-01-18 02:55 . 2012-01-18 02:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-01-18 02:55 . 2012-01-18 02:55 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-01-18 02:55 . 2012-01-18 02:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-01-18 02:55 . 2012-01-18 02:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-01-18 02:55 . 2012-01-18 02:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-01-18 02:55 . 2012-01-18 02:55 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-01-18 02:55 . 2012-01-18 02:55 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-01-18 02:55 . 2012-01-18 02:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-01-18 02:55 . 2012-01-18 02:55 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-01-18 02:55 . 2012-01-18 02:55 448512 ----a-w- c:\windows\system32\html.iec

2012-01-18 02:55 . 2012-01-18 02:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-01-18 02:55 . 2012-01-18 02:55 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-01-18 02:55 . 2012-01-18 02:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-01-18 02:55 . 2012-01-18 02:55 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-01-18 02:55 . 2012-01-18 02:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-01-18 02:55 . 2012-01-18 02:55 222208 ----a-w- c:\windows\system32\msls31.dll

2012-01-18 02:55 . 2012-01-18 02:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-01-18 02:55 . 2012-01-18 02:55 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-01-18 02:55 . 2012-01-18 02:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-01-18 02:55 . 2012-01-18 02:55 160256 ----a-w- c:\windows\system32\wextract.exe

2012-01-18 02:55 . 2012-01-18 02:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-01-18 02:55 . 2012-01-18 02:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-01-18 02:55 . 2012-01-18 02:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-01-18 02:55 . 2012-01-18 02:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-01-18 02:55 . 2012-01-18 02:55 12288 ----a-w- c:\windows\system32\mshta.exe

2012-01-18 02:55 . 2012-01-18 02:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-01-18 02:55 . 2012-01-18 02:55 114176 ----a-w- c:\windows\system32\admparse.dll

2012-01-18 02:55 . 2012-01-18 02:55 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-01-18 02:55 . 2012-01-18 02:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-01-18 02:55 . 2012-01-18 02:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-12-22 23:54 . 2011-12-22 23:54 13464 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-12-22 23:54 . 2011-12-22 23:54 43672 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-12-10 23:24 . 2012-01-19 23:47 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-01-26 2345792]

R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-01-26 131912]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1305000.091\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1305000.091\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-24 1157240]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1305000.091\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120217.003\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1305000.091\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1305000.091\SYMNETS.SYS [x]

S2 EvoSvc;Evolve Service;c:\games\Evolve Messenger\EvoSvc.exe [2012-02-18 1458680]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-12-22 301720]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-01-26 382272]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1428527232-2901902058-1397954174-1000Core.job

- c:\users\Cody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 23:55]

.

2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1428527232-2901902058-1397954174-1000UA.job

- c:\users\Cody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 23:55]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-04 8317472]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\vw0h28xv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1428527232-2901902058-1397954174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1428527232-2901902058-1397954174-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"v5Licence0"="15-VV6X-78DY-6ZJM-XQBP-TEAF-WDF7GJ1"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-19 16:51:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-20 00:51

.

Pre-Run: 1,336,372,617,216 bytes free

Post-Run: 1,335,907,090,432 bytes free

.

- - End Of File - - DB95591732B5F13E8DAEE3709BE1E471

Also, I have an update. I noticed a lot of replies saying torrent programs are bad; I only used it to download a modification for Medieval 2 Total War. However, I have since uninstalled it (with Add/Remove Programs) and used CCleaner to clean out the extra registry entries it left behind.
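As an added example (not from the thread, and not code from the ComboFix or Malwarebytes authors), the Python below does the first-pass triage a helper performs by eye on a ComboFix log like the one above: it splits the log on its ((( ... ))) section headers, parses the "Files Created" entries, and flags the paths that get looked at first, such as the C:\Install.exe deletion and the all-digit AppData\Local folder. The column meanings of an entry line and the three heuristics are assumptions, and the sample log is a constructed excerpt of the OP's lines.

```python
import re
from typing import Optional

# One "Files Created" / "Find3M" entry: created time " . " modified time, size
# ("--------" for a directory), 8-char attribute string, then the path. The
# column meaning is assumed from the thread's log rather than documented.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # "(((( Other Deletions ))))"


def parse_entry(line: str) -> Optional[dict]:
    """Parse one file-list line; return None for spacer lines and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {"created": m["created"], "modified": m["modified"],
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "is_dir": m["attrs"].startswith("d"), "path": m["path"]}


def sections(log_text: str) -> dict:
    """Group non-empty lines under the (((( ... )))) header they follow."""
    current, out = "preamble", {"preamble": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # ComboFix uses "." as a spacer line
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        else:
            out[current].append(line)
    return out


# Weak signals, not verdicts: installers (the log shows a Wise Installation
# Wizard folder with the same timestamp) also create GUID-named .TMP folders.
SUSPECT_RULES = [
    ("file directly in the drive root",
     lambda e: not e["is_dir"] and re.match(r"^[a-z]:\\[^\\]+$", e["path"], re.I)),
    ("all-digit folder name under AppData\\Local",
     lambda e: re.search(r"\\AppData\\Local\\\d+$", e["path"], re.I)),
    ("32-hex-char .TMP folder under Windows",
     lambda e: re.match(r"^[a-z]:\\windows\\[0-9a-f]{32}\.tmp$", e["path"], re.I)),
]


def triage(log_text: str) -> list:
    """Return (reason, path) pairs worth a second look, in log order."""
    findings = []
    for name, lines in sections(log_text).items():
        if name.startswith("Other Deletions"):
            findings += [("deleted by ComboFix", p) for p in lines]
        elif name.startswith("Files Created"):
            for entry in filter(None, map(parse_entry, lines)):
                for reason, hit in SUSPECT_RULES:
                    if hit(entry):
                        findings.append((reason, entry["path"]))
                        break
    return findings


# Constructed excerpt in the thread's log format (a few of the OP's own lines).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
2012-02-19 23:36 . 2012-02-19 23:36 -------- d-----w- c:\users\Cody\AppData\Local\28050
2012-02-19 23:33 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-02-19 16:16 . 2012-02-19 16:16 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-01-22 01:43 . 2012-02-04 04:09 -------- d-----w- C:\Fraps
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason:45} {path}")
```

On the sample, `triage` reports the root-level deletion, the numeric AppData folder and the .TMP folder, and stays silent on the DirectX DLL and the Fraps directory.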


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan, being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
