MrF3rrari Posted November 10, 2012 ID:611610
"";"Found Luhe.Sirefef.A, c:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000000.@";"Infected"
"";"Trojan horse Agent3.CJQI, c:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000064.@";"Infected"
"";"Trojan horse Agent3.CJQI, c:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000064.@";"Infected"
"";"Trojan horse Patched_c.MIS, c:\Windows\System32\services.exe";"Cannot be cleaned";"Remove manually"
Trojans will reappear when I remove with AVG. AVG rescue CD is no help.
MrCharlie Posted November 10, 2012 ID:611630
Welcome to the forum, please start at the link below:
http://forums.malwar...?showtopic=9573
Post back the 2 logs here.....DDS.txt and Attach.txt
<====><====><====><====><====><====><====><====>
Next.......
Please remove any USB or external drives from the computer before you run this scan!
Quit all running programs.
Please download and run RogueKiller to your desktop.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
MrC
------->Your topic will be closed if you haven't replied within 3 days!<--------
MrF3rrari Posted November 10, 2012 Author ID:611719
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 11/10/2012 12:40:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Owner\AppData\Local\{9ae93be4-e136-43f7-255a-d8bb95c97099}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L --> FOUND
[ZeroAccess][FILE] @ : C:\Users\Owner\AppData\Local\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Owner\AppData\Local\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Owner\AppData\Local\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS +++++
--- User ---
[MBR] f2bb638caf84a5a831afff156fe50eb0
[BSP] 4bd723b63117cdb15f46b7ece45e83d8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 64 | Size: 22000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45056064 | Size: 122569 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 296078203 | Size: 332370 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11102012_02d1240.txt >>
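A defender-side re-check of the indicators RogueKiller lists in the report above, added here as an example and not part of the thread, of RogueKiller or of Malwarebytes: it walks the locations the log names (GUID-named folders holding an @ file and U/L sub-folders under C:\Windows\Installer and AppData\Local, Desktop.ini in GAC_32/GAC_64, InprocServer32 entries pointing into AppData\Local, and the services.exe signature), generalised from the one GUID in this log to any folder with that layout. It only reports; it removes nothing.

```powershell
# Added example, not from the thread or from RogueKiller: re-check the
# ZeroAccess indicators the report above lists. Read-only; it removes nothing.
# Run from an elevated PowerShell prompt (the Installer folder and HKCR need it).

$findings = New-Object 'System.Collections.Generic.List[string]'
$guidDir  = '^\{[0-9a-f-]{36}\}$'

# 1. {GUID}-named folders under C:\Windows\Installer and %LOCALAPPDATA% that
#    carry the rootkit's '@' file and 'U' / 'L' sub-folders. Generalised from
#    the single GUID in the log to any GUID-named folder with that layout; a
#    legitimate Windows Installer cache folder holds icons, not these names.
foreach ($root in @("$env:SystemRoot\Installer", $env:LOCALAPPDATA)) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $guidDir } |
        ForEach-Object {
            $dir  = $_.FullName
            $hits = @('@', 'U', 'L') | Where-Object { Test-Path -LiteralPath (Join-Path $dir $_) }
            if (@($hits).Count -gt 0) {
                $findings.Add("ZeroAccess-style folder: $dir (contains: $($hits -join ', '))")
            }
        }
}

# 2. Desktop.ini planted in the GAC folders, as the log shows for GAC_32/GAC_64.
foreach ($gac in @('GAC_32', 'GAC_64')) {
    $ini = Join-Path "$env:SystemRoot\Assembly" "$gac\Desktop.ini"
    if (Test-Path -LiteralPath $ini) { $findings.Add("Unexpected file: $ini") }
}

# 3. Patched services.exe. A 'Valid' Microsoft signature rules the patch out.
#    On Windows 7 services.exe is catalog-signed, so 'NotSigned' here is not
#    by itself proof of tampering; 'sfc /verifyfile' is the authoritative check.
$svc = "$env:SystemRoot\System32\services.exe"
$sig = Get-AuthenticodeSignature -FilePath $svc
if ($sig.Status -ne 'Valid') {
    $findings.Add("services.exe signature status: $($sig.Status) (verify with: sfc /verifyfile=$svc)")
}

# 4. COM InprocServer32 defaults pointing into a {GUID} folder under
#    AppData\Local (the [HJ INPROC] line in the log).
Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = "$($_.PSPath)\InprocServer32"
        $dll = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($dll -and $dll -match 'AppData\\Local\\\{[0-9a-f-]{36}\}\\') {
            $findings.Add("InprocServer32 hijack: $($_.PSChildName) -> $dll")
        }
    }

if ($findings.Count -eq 0) {
    'None of the indicators from the RogueKiller report were found.'
} else {
    $findings
}
```

Because the rootkit hides its folders from some tools, treat an empty result from a live, infected system as inconclusive and prefer the offline or rescue-media scan the helper recommends.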
MrF3rrari Posted November 11, 2012 Author ID:611813
Were you able to read my last MrC?
MrCharlie Posted November 11, 2012 ID:611816
Yes, I was waiting for you to post the 2 logs from DDS. I don't see them.
MrC
MrF3rrari Posted November 11, 2012 Author ID:611864
I don't know what I posted earlier but I just copied and pasted the 1 log from the RK scan that was located on my desktop. Please advise.
MrCharlie Posted November 11, 2012 ID:611914
You didn't run DDS and post the 2 logs!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please read the following information first.
You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.
Let me know what you decide to do.

If you decide to go through with the cleanup, please proceed with the following steps.
-----------------------------------------
Please create a new system restore point before running Malwarebytes Anti-Malware.
Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced, they will be in the MBAR folder..... mbar-log.txt and system-log.txt
MrC
MrF3rrari Posted November 11, 2012 Author ID:612138
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.9.2
Run by Owner at 14:12:22 on 2012-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2924.1810 [GMT -8:00]
AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
MrCharlie Posted November 11, 2012 ID:612153

OK, please run MBAR as outlined in my earlier post:
http://forums.malwarebytes.org/index.php?showtopic=117936&view=findpost&p=611914

MrC
MrF3rrari Posted November 12, 2012 Author ID:612543

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_32
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 3066433536, free: 1629487104

------------ Kernel report ------------
     11/12/2012 07:16:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\system32\DRIVERS\lullaby.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\JME.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\cdd.dll
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80032fc260
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8002d96050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.12.04
Downloaded database version: v2012.11.09.02
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80032fc260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80032fdb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80032fc260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800232a330, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d96050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a009ea7110, 0xfffffa80032fc260, 0xfffffa8009f45790
Lower DeviceData: 0xfffff8a00ec1cad0, 0xfffffa8002d96050, 0xfffffa800660c550
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8627C646
Partition information:
    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 64  Numsec = 45056000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 45056064  Numsec = 251022139
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 296078203  Numsec = 680694965
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-63-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\AVG2013\Chjw\fe0a390b0a38c287.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)
Infected: C:\Windows\System32\services.exe --> [Rootkit.0Access.S]
Backup file found for a file C:\Windows\System32\services.exe
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\00000004.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\00000004.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\000000cb.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000000.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000032.@ --> [Rootkit.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000064.@ --> [backdoor.0Access]
Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Trojan.0access]
Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: C:\Users\Owner\Local Settings\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ --> [backdoor.0Access]
Infected: C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\1afb2d56 --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\201d3dde --> [backdoor.0Access]
Infected: C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U --> [backdoor.0Access]
Infected: C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U --> [backdoor.0Access]
Infected: C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L --> [backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful.
System shutdown needed.
System shutdown occured
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_32
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 3066433536, free: 1582415872

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_32
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.128000 GHz
Memory total: 3066433536, free: 1676881920

------------ Kernel report ------------
     11/12/2012 10:50:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\system32\DRIVERS\lullaby.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\avgfwd6a.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\JME.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80032fb410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8002d6a050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.12.05
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80032fb410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80032fc040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80032fb410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800232a040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002d6a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00a399830, 0xfffffa80032fb410, 0xfffffa8002fa8790
Lower DeviceData: 0xfffff8a00a2b84e0, 0xfffffa8002d6a050, 0xfffffa8002969950
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8627C646
Partition information:
    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 64  Numsec = 45056000
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 45056064  Numsec = 251022139
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 296078203  Numsec = 680694965
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-63-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\BearShare_V10_en_Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\BearShare_V10_en_Setup.lnk" is compressed (flags = 1)
Read File: File "C:\ProgramData\{073730B2-6CAE-4854-85C6-D25002372130}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

11/12/2012 7:35:01 AM
mbar-log-2012-11-12 (07-35-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25732
Time elapsed: 18 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L (Backdoor.0Access) -> Delete on reboot. [f2a98c29e47945f1b1cf54ac2ad66898]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U (Backdoor.0Access) -> Delete on reboot. [e7b4684d70ede05682ff56aac13f6c94]
C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U (Backdoor.0Access) -> Delete on reboot. [1f7c595cc09dee48384c926e2fd17a86]
C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L (Backdoor.0Access) -> Delete on reboot. [316a2095491402340d7802fef10f9769]

Files Detected: 15
C:\Windows\System32\services.exe (Rootkit.0Access.S) -> Delete on reboot. [014a9cb92514e27c0107614df764bc06]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ (Backdoor.0Access) -> Delete on reboot. [bdded8dd2835bb7b5cfd08f845bb29d7]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot. [2e6d288d1746af871047b44ce719eb15]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\00000004.@ (Backdoor.0Access) -> Delete on reboot. [3368684d85d813238cca4cb4fd03fe02]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Delete on reboot. [cecd8332401dbd7997c4921fc13f51af]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\000000cb.@ (Backdoor.0Access) -> Delete on reboot. [e2b9f6bf5904d462de7837c9966a659b]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000000.@ (Backdoor.0Access) -> Delete on reboot. [46550ca91a43340256001ce439c77090]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000032.@ (Rootkit.0Access) -> Delete on reboot. [3a612392104d38fe4377bb0ffc0457a9]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\U\80000064.@ (Backdoor.0Access) -> Delete on reboot. [77245b5a441940f6aea8da26a8586799]
C:\Windows\assembly\GAC_32\Desktop.ini (Trojan.0access) -> Delete on reboot. [67349322ea739f97a6e76b4645bbb947]
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot. [5447a51099c4da5c7e425374b34d13ed]
C:\Users\Owner\Local Settings\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ (Backdoor.0Access) -> Delete on reboot. [633872434b12b87e27e607f92dd3b54b]
C:\Users\Owner\Local Settings\Application Data\{9ae93be4-e136-43f7-255a-d8bb95c97099}\@ (Backdoor.0Access) -> Delete on reboot. [4c4f5e57b2ab82b40d00ec14da26e818]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\1afb2d56 (Backdoor.0Access) -> Delete on reboot. [f2a98c29e47945f1b1cf54ac2ad66898]
C:\Windows\Installer\{9ae93be4-e136-43f7-255a-d8bb95c97099}\L\201d3dde (Backdoor.0Access) -> Delete on reboot. [f2a98c29e47945f1b1cf54ac2ad66898]

(end)
MrCharlie Posted November 12, 2012 ID:612547

Did you run MBAR twice?

If so.............

Please run the fixdamage tool in the Malwarebytes Anti-Rootkit folder and reboot.

MrC
MrF3rrari Posted November 12, 2012 Author ID:612626

Sure did, and it came back with no results... which is a good thing, right?
MrF3rrari Posted November 12, 2012 Author ID:612628

Ran the fix damage tool
MrCharlie Posted November 12, 2012 ID:612634

sure did and it came back with no results.....which is a good thing, right?
Ran the fix damage tool

Great!

Please download AdwCleaner from here and save it on your Desktop.
Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC
MrF3rrari Posted November 13, 2012 Author ID:612762

Also complete

MrC
MrF3rrari Posted November 13, 2012 Author ID:612763

I'll post the log when I'm off of work.
MrF3rrari Posted November 13, 2012 Author ID:612765

# AdwCleaner v2.007 - Logfile created 11/12/2012 at 21:24:38
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Users\Owner\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-1598159867-904018426-487419563-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9841 octets] - [12/11/2012 21:24:38]

########## EOF - C:\AdwCleaner[R1].txt - [9901 octets] ##########
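The registry locations in the log above are the points from which Internet Explorer and Explorer load third-party code: Browser Helper Objects and toolbars are COM objects referenced by CLSID, URLSearchHooks and SearchScopes decide where a typed search is sent, and the Run values start programs at logon. The PowerShell script below is an added example, not part of the thread and not AdwCleaner's own code: it walks those same locations read-only in both the native and the Wow6432Node views, resolves each CLSID to the DLL that COM would load, and reports that DLL's Authenticode signer, so that each GUID in a log like this one can be tied to a file and a publisher. It assumes Windows PowerShell 2.0 on Windows 7 SP1 x64 and an elevated prompt; the registry paths are the standard ones that appear in the log.

```powershell
# Added example, not from the original thread or from AdwCleaner.
# Read-only triage of IE/Explorer extension points (BHOs, toolbars,
# URLSearchHooks, SearchScopes, Run keys) in both registry views.
# Written for Windows PowerShell 2.0 on Windows 7 SP1 x64; run elevated.

$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Resolve-ClsidDll {
    param([string]$Clsid)
    # InprocServer32's default value is the DLL COM loads for this CLSID.
    # A CLSID present only under Wow6432Node belongs to 32-bit IE.
    foreach ($root in @('HKLM:\SOFTWARE\Classes\CLSID',
                        'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                        'HKCU:\Software\Classes\CLSID')) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null   # orphaned registration: the CLSID is referenced but not registered
}

function Get-SignerStatus {
    param([string]$Path)
    # Adware DLLs are frequently unsigned, or signed by a publisher nobody expects.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return $sig.Status.ToString() }
    return $sig.SignerCertificate.Subject
}

function New-Entry {
    param($Kind, $Key, $Id, $Target)
    # Run values are command lines and SearchScopes are URLs; only COM DLLs get a signer check.
    $signer = ''
    if ($Kind -ne 'Run' -and $Kind -ne 'SearchScope') { $signer = Get-SignerStatus $Target }
    New-Object PSObject -Property @{ Kind = $Kind; Key = $Key; Id = $Id; Target = $Target; Signer = $signer }
}

function Get-ClsidSubkeys {
    # Extension points whose subkey names are GUIDs: BHOs and search scopes.
    param([string]$Key, [string]$Kind)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $Key) {
        $id = $sub.PSChildName
        if ($Kind -eq 'SearchScope') { $target = (Get-ItemProperty -LiteralPath $sub.PSPath).URL }
        else                         { $target = Resolve-ClsidDll $id }
        New-Entry $Kind $Key $id $target
    }
}

function Get-ValueEntries {
    # Extension points whose value names carry the payload: IE toolbars and
    # URLSearchHooks (value name = CLSID) and Run keys (value data = command line).
    param([string]$Key, [string]$Kind)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $props = Get-ItemProperty -LiteralPath $Key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }          # provider metadata, not registry values
        if ($Kind -eq 'Run') { $target = $p.Value }
        else {
            if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }  # skip non-CLSID housekeeping values
            $target = Resolve-ClsidDll $p.Name
        }
        New-Entry $Kind $Key $p.Name $target
    }
}

function Get-BrowserExtensionPoints {
    foreach ($view in @('', 'Wow6432Node\')) {
        $hklm = "HKLM:\SOFTWARE\$view"
        Get-ClsidSubkeys "${hklm}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" 'BHO'
        Get-ClsidSubkeys "${hklm}Microsoft\Internet Explorer\SearchScopes" 'SearchScope'
        Get-ValueEntries "${hklm}Microsoft\Internet Explorer\Toolbar" 'Toolbar'
        Get-ValueEntries "${hklm}Microsoft\Windows\CurrentVersion\Run" 'Run'
    }
    Get-ClsidSubkeys 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' 'SearchScope'
    Get-ValueEntries 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks' 'URLSearchHook'
    Get-ValueEntries 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser' 'Toolbar'
    Get-ValueEntries 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'Run'
}

Get-BrowserExtensionPoints | Sort-Object Kind, Key | Format-Table Kind, Id, Target, Signer -AutoSize -Wrap
```

Nothing here deletes anything; the point is to see which DLL and which signer sit behind each CLSID before acting on a removal tool's verdict. A CLSID that resolves to no InprocServer32 in any hive is an orphaned registration, which is what references left under Ext\Settings and Ext\Stats usually are once the DLL itself has been removed.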
MrCharlie Posted November 13, 2012 ID:612804

Lots of adware found....let's clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then..............

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC
MrF3rrari Posted November 13, 2012 Author ID:612827

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Trend Micro Titanium
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 32
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP AMSP_LogServer.exe
Trend Micro Titanium UIFramework uiWinMgr.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 07:22:55
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9944 octets] - [13/11/2012 07:22:10]
AdwCleaner[s1].txt - [9962 octets] - [13/11/2012 07:22:55]

########## EOF - C:\AdwCleaner[s1].txt - [10022 octets] ##########
MrCharlie Posted November 13, 2012 ID:612854

Java™ 6 Update 32 <----please uninstall from add/remove programs
Java 7 Update 9 <----OK
Adobe Flash Player 10 Flash Player out of Date! <----please check for an update

You have outdated programs on the system which are vulnerable to malware.
Please update or uninstall them.
Info on doing that can be found in my Preventive Maintenance.

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe
Save it to your desktop.
Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself)
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
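The Security Check findings that the reply above acts on (two Java runtimes side by side, Flash Player 10, the Windows Firewall reported off) can be re-verified after the cleanup without the tool. The script below is an added example, not part of the thread and not screen317's Security Check: it reads the Uninstall keys in both registry views to list Java and Flash entries, flags every Java runtime except the newest as stale, and parses netsh to report the state of each firewall profile. It is written for Windows PowerShell 2.0 on Windows 7 SP1 and assumes English netsh output and the usual "Java(TM) 6 Update 32" display-name format.

```powershell
# Added example, not from the original thread or from Security Check.
# Re-checks stale Java runtimes, Flash Player versions and firewall profile
# state. Windows PowerShell 2.0 on Windows 7 SP1; English netsh output assumed.

function Get-InstalledPrograms {
    # 32-bit installers on x64 register under Wow6432Node; per-user installs under HKCU.
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*')
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
}

function Get-JavaRuntimes {
    param($Programs = (Get-InstalledPrograms))
    # Display names look like "Java(TM) 6 Update 32" or "Java 7 Update 9";
    # "Java Auto Updater" and similar entries do not match and are ignored.
    foreach ($p in $Programs) {
        if ($p.DisplayName -match '^Java(\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)') {
            New-Object PSObject -Property @{
                Name            = $p.DisplayName
                Major           = [int]$matches[2]
                Update          = [int]$matches[3]
                UninstallString = $p.UninstallString
            }
        }
    }
}

function Get-StaleJavaRuntimes {
    param($Programs = (Get-InstalledPrograms))
    # Everything except the newest major/update pair keeps its known holes and should go.
    $java = @(Get-JavaRuntimes -Programs $Programs | Sort-Object Major, Update -Descending)
    if ($java.Count -le 1) { return }
    $java[1..($java.Count - 1)]
}

function Get-FlashPlayers {
    param($Programs = (Get-InstalledPrograms))
    # ActiveX (IE) and plugin (other browsers) builds are separate entries.
    $Programs | Where-Object { $_.DisplayName -match '^Adobe Flash Player' } |
        Select-Object DisplayName, DisplayVersion
}

function Get-FirewallProfileState {
    # Parses "netsh advfirewall show allprofiles state" (Windows 7 has no
    # Get-NetFirewallProfile). Assumes the English "<Name> Profile Settings:" /
    # "State   ON|OFF" layout.
    $profile = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:') { $profile = $matches[1] }
        elseif ($profile -and $line -match '^State\s+(\w+)') {
            New-Object PSObject -Property @{ Profile = $profile; State = $matches[1] }
            $profile = $null
        }
    }
}

$programs = Get-InstalledPrograms
'Java runtimes installed:'
Get-JavaRuntimes -Programs $programs | Format-Table Name, Major, Update -AutoSize
'Stale Java runtimes (uninstall these):'
Get-StaleJavaRuntimes -Programs $programs | Format-Table Name, UninstallString -AutoSize -Wrap
'Flash Player entries:'
Get-FlashPlayers -Programs $programs | Format-Table DisplayName, DisplayVersion -AutoSize
'Windows Firewall profiles:'
Get-FirewallProfileState | Format-Table Profile, State -AutoSize
```

A profile reported OFF is not by itself a fault when a security suite with its own firewall is installed, since such suites normally disable the Windows Firewall; confirm which firewall is meant to be active rather than enabling both. The UninstallString of a Java entry is usually the msiexec command that removes that runtime, which is the "add/remove programs" step above done from the command line.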
Maurice Naggar Posted November 14, 2012 ID:613201

Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Thanks!