ravenschyld (Posted November 14, 2012, ID:613276)
Not sure what is actually going on, but I keep getting the BSOD, as it is so lovingly referred to. Any help would be greatly appreciated to see if it is something that can be handled here or not. Thank you in advance for your time.
Attachments: attach.txt, dds.txt
Maniac (Posted November 14, 2012, ID:613295)
Hello ravenschyld! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1
Please uninstall LimeWire 5.6.2.
http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3
Please download Malwarebytes Anti-Rootkit here.
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe (right click and select Run as administrator for Vista and Windows 7).
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Please post the two logs produced.

In your next reply, post the following log files:
Junkware Removal Tool log
Malwarebytes Anti-Rootkit log
DDS log (a fresh one)
ravenschyld, Author (Posted November 15, 2012, ID:613322)

dds -
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_37
Run by Drew at 19:14:55 on 2012-11-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6855 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Drew\AppData\Local\Apps\2.0\W228WO51.YK2\WL821MM7.H1W\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
StartupFolder: C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{13278409-1DC1-4AA4-83BD-E0BE72EE68BA} : DHCPNameServer = 192.168.254.254
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drew\AppData\Roaming\Mozilla\Firefox\Profiles\gyjynieh.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Drew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-12-20 25312]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-20 38456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-30 1301504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-12-20 838136]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-30 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-23 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-30 202752]
S4 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-7-30 203392]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-7 2754984]
S4 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-12-20 278528]
.
=============== Created Last 30 ================
.
2012-11-14 23:58:08 -------- d-----w- C:\Windows\ERUNT
2012-11-14 23:58:02 -------- d-----w- C:\JRT
2012-11-13 10:40:25 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E779913-B096-4E89-B042-1D738636F201}\mpengine.dll
2012-11-07 18:12:57 -------- d-----w- C:\Program Files (x86)\Xelerated Warcraft Guides
2012-11-01 14:36:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-28 18:25:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-28 15:49:55 -------- d-----w- C:\Users\Drew\AppData\Roaming\Malwarebytes
2012-10-28 15:49:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-28 15:16:05 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-10-13 02:37:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 02:37:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-24 19:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-20 20:02:06 1832760 ----a-w- C:\Windows\System32\LogiLDA.DLL
2012-09-14 19:23:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-21 17:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 19:16:15.16 ===============

mbar log -
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Drew :: DREW-PC [administrator]

11/14/2012 7:10:23 PM
mbar-log-2012-11-14 (19-10-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26908
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

mbar log 2 -
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 8589070336, free: 6614851584

------------ Kernel report ------------
     11/14/2012 19:04:21
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR6
Upper Device Object: 0xfffffa800701d310
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000af\
Lower Device Object: 0xfffffa800a421750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008fe6790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xfffffa8008fd5b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008fe5790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xfffffa8008fdc060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008fe4790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xfffffa8008fbc060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008fe3510
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xfffffa8008fd4060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80078b6060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80078a6060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.14.07
Downloaded database version: v2012.11.12.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80078b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80078b6a50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80078b6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800789f440, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80078a6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00e9ca060, 0xfffffa80078b6060, 0xfffffa800a95e5c0
Lower DeviceData: 0xfffff8a003c5da80, 0xfffffa80078a6060, 0xfffffa8008ab5460
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CB5BD2B2
Partition information:
    Partition 0 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 38961152
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 38963200  Numsec = 1426182144
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800701d310, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006f6d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800701d310, DeviceName: \Device\Harddisk1\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b663b0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800a421750, DeviceName: \Device\000000af\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008fe3510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008fe4040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fe3510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fbc5e0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008fd4060, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008fe4790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008fe5040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fe4790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fd9ab0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008fbc060, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008fe5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008fe6040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fe5790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fdcbf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008fdc060, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008fe6790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008fe7040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008fe6790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008fdc7a0, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8008fd5b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: C:\Windows\Installer\AMDEx3.msi --> [Malware.Generic]
Read File: File "C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\instance.dat" is compressed (flags = 1)
Infected: C:\Users\Drew\Favorites\FREE PORN! FREE SEX! Perfect Girls Tube - 100 000 porn movies online.url --> [Rogue.Link]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 8589070336, free: 7583887360

JRT log -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.9 (11.13.2012)
OS: Windows 7 Home Premium x64
Ran by Drew on Wed 11/14/2012 at 18:58:09.53
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Drew\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Drew\appdata\locallow\playready"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/14/2012 at 19:01:59.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I believe I completed everything asked. Please let me know if I missed something.
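The "Scanning MBR on drive 0... Inspecting partition table" section of the mbar log above is the output of a partition-table sanity check; the following is an added example (not from this thread and not Malwarebytes' code) showing what such a check does on a 512-byte MBR: validate the 55AA boot signature, read the disk signature and the four partition entries, reject overlapping or out-of-range extents, and compute the unpartitioned sector ranges a scanner inspects afterwards. The sector it parses is constructed here to mirror the values in the log (disk signature CB5BD2B2, partitions at LBA 2048 and 38963200, a 750156374016-byte disk); the offsets and entry layout are the standard MBR format, and the partition type names are assumptions from the usual type-ID list.

```python
"""Parse and sanity-check a classic MBR sector (constructed sample, not a real dump)."""
import struct

SECTOR_SIZE = 512
DISK_SIG_OFF = 0x1B8           # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries
PART_ENTRY_FMT = "<B3sB3sII"   # boot flag, CHS start, type, CHS end, start LBA, sector count
BOOT_SIG_OFF = 0x1FE           # bytes 0x55 0xAA
TYPE_NAMES = {0x00: "Empty", 0x07: "Primary (NTFS/exFAT)", 0x1b: "Hidden FAT32"}


def build_mbr(disk_sig, entries):
    """Assemble a 512-byte MBR from (boot_flag, type, start_lba, num_sectors) tuples.
    CHS fields are left zero; modern tools read only the LBA fields."""
    sec = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sec, DISK_SIG_OFF, disk_sig)
    for i, (boot, ptype, lba, nsec) in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", lba, nsec)
    sec[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sec)


def parse_mbr(sec):
    """Return signature, disk signature and the four partition entries, or raise ValueError."""
    if len(sec) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    sig = sec[BOOT_SIG_OFF:BOOT_SIG_OFF + 2]
    if sig != b"\x55\xAA":
        raise ValueError("bad MBR signature %s" % sig.hex().upper())
    disk_sig = struct.unpack_from("<I", sec, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        boot, _chs0, ptype, _chs1, lba, nsec = struct.unpack_from(
            PART_ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i)
        parts.append({"index": i, "boot_flag": boot, "active": boot == 0x80,
                      "type": ptype, "type_name": TYPE_NAMES.get(ptype, "Other"),
                      "lba": lba, "numsec": nsec})
    return {"mbr_signature": sig.hex().upper(),
            "disk_signature": "%08X" % disk_sig, "partitions": parts}


def check_table(info, disk_sectors):
    """Consistency checks a scanner applies before trusting the table; returns a list of issues."""
    issues = []
    used = [p for p in info["partitions"] if p["type"] != 0x00]
    for p in used:
        if p["boot_flag"] not in (0x00, 0x80):
            issues.append("partition %d has invalid boot flag 0x%02x" % (p["index"], p["boot_flag"]))
        if p["numsec"] == 0 or p["lba"] + p["numsec"] > disk_sectors:
            issues.append("partition %d has an out-of-range extent" % p["index"])
    used.sort(key=lambda p: p["lba"])
    for a, b in zip(used, used[1:]):
        if a["lba"] + a["numsec"] > b["lba"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    if sum(1 for p in used if p["active"]) != 1:
        issues.append("expected exactly one active partition")
    return issues


def unpartitioned_ranges(info, disk_sectors):
    """Half-open sector ranges [start, end) covered by no partition.
    Sector 0 is the MBR itself; anti-rootkit scanners read these gaps because
    nothing legitimate normally lives there."""
    used = sorted((p["lba"], p["lba"] + p["numsec"])
                  for p in info["partitions"] if p["type"] != 0x00)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


# Constructed sample mirroring the values in the mbar log (not a real sector dump).
DISK_BYTES = 750156374016
DISK_SECTORS = DISK_BYTES // SECTOR_SIZE          # 1465149168 sectors of 512 bytes
SAMPLE_MBR = build_mbr(0xCB5BD2B2, [
    (0x00, 0x1b, 2048, 38961152),                  # hidden/OEM partition, not active
    (0x80, 0x07, 38963200, 1426182144),            # NTFS system partition, active
    (0x00, 0x00, 0, 0),
    (0x00, 0x00, 0, 0),
])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("MBR Signature:", info["mbr_signature"], " Disk Signature:", info["disk_signature"])
    for p in info["partitions"]:
        print("Partition %d type 0x%x (%s) %s LBA %d Numsec %d" % (
            p["index"], p["type"], p["type_name"],
            "ACTIVE" if p["active"] else "not active", p["lba"], p["numsec"]))
    print("Issues:", check_table(info, DISK_SECTORS) or "none")
    print("Unpartitioned:", unpartitioned_ranges(info, DISK_SECTORS))
```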
Maniac Posted November 15, 2012 ID:613493 Good! Any progress?
ravenschyld Posted November 15, 2012 Author ID:613627 So far, no more blue screens, so all is running well. One other question, though: could you recommend a good free AV that I could get hold of?
Maniac Posted November 16, 2012 ID:613779 Glad I could help! Good free antivirus solutions are Microsoft Security Essentials and avast! Anti-Virus. Please manually delete Junkware Removal Tool and DDS. Some malware prevention tips: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing!
ravenschyld Posted November 17, 2012 Author ID:614045 I do appreciate all the help, but since I got your response, it has gotten worse. I got about 5 BS in about 20 mins., and now I cannot even log on to that computer. I keep getting the Windows Startup Repair, and it runs, but cannot fix the problem. This is what I get (I wrote it down so I could let you see it and see if there is anything I can do):
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 77
Problem Signature 05: AutoFailOver
Problem Signature 06: 1
Problem Signature 07: MissingOSLoader
OSVersion:
ravenschyld Posted November 17, 2012 Author ID:614046
OSVersion: 6.1.7600.2.0.0.265.1
LocaleID: 1033
Sorry it got split into 2 posts; I accidentally hit the wrong button and don't know how to go back and edit the other post. Not sure if this will help or if there is anything that can be done at this point, but any and all help will be greatly appreciated!
Maniac Posted November 19, 2012 ID:614762 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here. Please visit this webpage for download links and instructions for running the tool: http://www.bleepingc...to-use-combofix * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Please post the C:\ComboFix.txt in your next reply for further review. Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, please just reboot and that will resolve that error.
LDTate Posted November 27, 2012 ID:617714 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!