Blue Screen after MalwareBytes - Infected with Live Security

[f12ank622]

My PC was infected with Live Security Malware so I downloaded MalwareBytes and scan, then removed all infected items. Rebooted and always get Blue Screen now.

Error on Blue Screen is:

IRQL_NOT_LESS_OR EQUAL

Technical information:

*** STOP: 0x00000000A (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff800308f6ca)

My DSS log is attached below.

Thanks in advance for your help!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by FWu at 15:01:33 on 2012-08-01

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.5037 [GMT -7:00]

.

AV: ESET Smart Security 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET Smart Security 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\fwu\Desktop\mbam-setup-1.62.0.1300.exe

C:\Users\fwu\AppData\Local\Temp\is-H0O3M.tmp\mbam-setup-1.62.0.1300.tmp

\\.\globalroot\systemroot\Installer\{8baed504-271e-bf8b-046f-07197357cecd}\U

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://companyweb

uDefault_Page_URL = hxxp://companyweb

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -update plugin

uRunOnce: [7531CC8B0000E6FAEA694C6BF875EF60] C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe

mRun: [<NO NAME>]

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: RunStartupScriptSync = 1 (0x1)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: homeserver.com\wuresidence

Trusted Zone: intuit.com\community

Trusted Zone: intuit.com\ttlc

DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll

DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} - hxxp://192.168.10.32/DvrOcx.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E865C40C-7EBF-408B-8FC5-05172921AA53} - hxxps://wuresidence.homeserver.com/remote/Microsoft.HomeServer.RichUpload.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 192.168.10.5

TCP: Interfaces\{8124478B-1895-4F29-823C-048F80ABA56E} : DhcpNameServer = 192.168.10.5

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

AppInit_DLLs: acaptuser32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [(Default)]

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

AppInit_DLLs-X64: acaptuser32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\fwu\AppData\Roaming\Mozilla\Firefox\Profiles\8d79di5t.default\

FF - prefs.js: browser.startup.homepage -

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\fwu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-6 92160]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960]

S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

S2 FedExAdminService;FedEx Administration Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe [2009-10-5 28672]

S2 FedExLoggingService;FedEx Logging Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [2009-10-5 16384]

S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe" -s DefaultInstance --> C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]

S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

S2 MSSQL$ACCTIVATE;SQL Server (ACCTIVATE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 MSSQL$NOWCOMSQLEXPRESS;SQL Server (NOWCOMSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 NowUpdate Engine;Nowcom Application Updater Service;"C:\Program Files (x86)\Nowcom Corporation\NowUpdate 3.0\NowUpdate.Service.exe" --> C:\Program Files (x86)\Nowcom Corporation\NowUpdate 3.0\NowUpdate.Service.exe [?]

S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256]

S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]

S3 FedExShipnetDBService;FedEx Shipnet Database Service;C:\Program Files (x86)\FedEx\ShipManager\ASA\Win32\dbsrv9.exe [2008-4-23 83248]

S3 FedExShipService;FedEx Shipping Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe [2009-10-5 16384]

S3 FedExSmartPostService;FedEx SmartPost Shipping Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\SmartPostShipService.exe [2009-10-5 16384]

S3 FedExTransactionService;FedEx Transaction Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe [2009-10-5 16384]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]

S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]

S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 113120]

S3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~3.0\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~3.0\QBDBMgrN.exe -hvQuickBooksDB22 [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB20 [?]

.

=============== Created Last 30 ================

.

2012-08-01 21:58:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-01 21:58:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-31 00:18:58 -------- d-----w- C:\Users\fwu\AppData\Roaming\Malwarebytes

2012-07-31 00:18:52 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-31 00:00:57 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-07-30 23:55:30 -------- d-----w- C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60

2012-07-27 07:27:17 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA462F21-F1FD-4AAC-BC40-27E42452F11D}\mpengine.dll

2012-07-11 23:39:41 -------- d-----w- C:\Users\fwu\AppData\Local\Nero_AG

2012-07-11 10:04:42 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 10:04:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 10:04:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 10:04:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 10:04:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 10:04:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 10:04:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 10:03:08 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-07-11 10:03:08 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-11 10:03:08 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-07-11 10:03:08 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 10:03:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 10:03:08 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 10:03:08 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-11 10:03:08 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-11 10:03:08 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-07-11 10:02:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-11 10:02:22 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-11 10:02:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-07-11 10:02:22 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-11 10:02:21 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-07-11 10:02:21 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-07-06 10:00:27 294912 ----a-w- C:\Windows\System32\browserchoice.exe

.

==================== Find3M ====================

.

2012-07-11 21:22:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 21:22:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 15:07:11.35 ===============

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[f12ank622]

Here it is. Thank you for your help.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

FWu :: OFFICE-FWU [administrator]

Protection: Disabled

8/2/2012 2:39:39 PM

mbam-log-2012-08-02 (14-40-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298667

Time elapsed: 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CC8B0000E6FAEA694C6BF875EF60 (Trojan.FakeAV) -> Data: C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe (Trojan.FakeAV) -> No action taken.

(end)

[f12ank622]

I ran ComboFix and it didn't produce a log file for me but instead the PC shut down and then reboot itself. Now I can log in and Windows starts up fine (no longer need to F8/Safe Mode) but a bit slower than before.

[f12ank622]

Log from scanning in "normal" mode of Windows 7.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

FWu :: OFFICE-FWU [administrator]

Protection: Enabled

8/2/2012 2:56:40 PM

mbam-log-2012-08-02 (15-01-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 298205

Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe (Trojan.FakeAV) -> No action taken.

(end)

[screen317]

Hi,

Can you see if any of these files exist:

C:\ComboFix.txt

C:\log.txt

C:\qoobox\ComboFix.txt

C:\qoobox\log.txt

If so, post them.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[f12ank622]

Those files don't exisit. Should I run ComboFix again?

[screen317]

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!