svchost.exe trojan


Recommended Posts

Hi, my computer seems to be infected with this svchost.exe trojan. Every 15 or so seconds I get a pop-up from Malwarebytes telling me that it has stopped and quarantined it. When I run a Malwarebytes scan it doesn't find anything, and when I click on the quarantine tab it freezes and closes, saying it is not responding. If I run an ESET scan it seems to find it but it doesn't delete it. Also, I'm not sure if it means anything, but today when I turned my computer on it blue-screened. Any help would be appreciated, thanks.


  • Staff

Let's get some diagnostic scans first before we fix anything.

Please do the following:

Please download DDS from either of these links (LINK 1 or LINK 2) and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Attach.txt.

NEXT

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.


Thanks for the help, here is the DDS log, I'll put the attach log as an attachment.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Chappy at 16:52:25 on 2013-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.5411 [GMT -8:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ooVoo Toolbar Helper: {92B514FD-A316-4736-99EB-2A6532D02E7D} - LocalServer32 - <no file>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [ooVooToolbarHelper] "C:\Program Files (x86)\ooVoo Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll",DllRegisterServerW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8F26CEFC-06C2-4897-A737-0B0FADE93A20} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 682344]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-19 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-19 56344]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-19 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-14 24176]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe /s --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-01 02:15:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-01 02:15:57 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-01 02:15:57 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-01 02:15:57 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-01 02:07:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-01 02:07:56 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-01 02:07:56 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-01 02:07:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-01 02:07:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-01 02:07:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-01 02:07:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-01 02:07:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-01 02:07:40 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-01 02:07:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-01 02:07:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-01 02:02:57 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-01-01 02:02:57 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-01-01 02:02:55 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-01 02:00:37 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-01-01 02:00:37 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-28 12:04:42 -------- d-----w- C:\Users\Chappy\AppData\Local\Programs
2012-12-26 05:51:52 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-12-26 05:51:52 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-12-26 05:51:51 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-12-26 05:51:50 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-12-26 05:51:50 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-12-26 05:51:50 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-12-21 21:56:03 442368 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
2012-12-21 06:54:39 -------- d-----w- C:\Users\Chappy\AppData\Local\DayZCommander
2012-12-21 06:54:11 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2012-12-19 21:33:23 -------- d-----w- C:\Program Files\iPod
2012-12-19 21:33:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 21:33:20 -------- d-----w- C:\Program Files\iTunes
2012-12-19 21:33:20 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-12-26 04:24:35 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-26 04:24:35 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-25 22:20:45 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 21:30:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 21:30:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-01 06:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 02:41:54 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-15 02:31:47 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:52:57.89 ===============

attach.txt


Never mind! I was just being impatient, sorry about that. Tried it again and it worked. Here is the log; I will put the .dat file as an attachment.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-01 19:14:43
-----------------------------
19:14:43.958 OS Version: Windows x64 6.1.7601 Service Pack 1
19:14:43.958 Number of processors: 4 586 0x2502
19:14:43.958 ComputerName: KILLERHIPPO UserName: Chappy
19:14:46.238 Initialize success
19:14:55.022 AVAST engine defs: 13010101
19:14:58.820 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:14:58.824 Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
19:14:58.827 Device \Driver\atapi -> MajorFunction fffffa80087355e8
19:14:58.829 Disk 0 MBR read successfully
19:14:58.831 Disk 0 MBR scan
19:14:58.835 Disk 0 Windows VISTA default MBR code
19:14:58.837 Disk 0 MBR hidden
19:14:58.839 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63
19:14:58.852 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 612352
19:14:58.861 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938569 MB offset 31332352
19:14:58.878 Disk 0 scanning C:\Windows\system32\drivers
19:15:18.365 Service scanning
19:15:55.659 Modules scanning
19:15:55.678 Disk 0 trace - called modules:
19:15:55.682 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80087355e8]<<
19:15:55.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cda060]
19:15:55.688 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006bd1d10]
19:15:55.691 5 ACPI.sys[fffff8800118d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079f0060]
19:15:55.704 \Driver\atapi[0xfffffa800856f4d0] -> IRP_MJ_CREATE -> 0xfffffa80087355e8
19:15:57.388 AVAST engine scan C:\Windows
19:16:00.158 AVAST engine scan C:\Windows\system32
19:21:44.684 AVAST engine scan C:\Windows\system32\drivers
19:22:17.732 AVAST engine scan C:\Users\Chappy
19:30:17.093 AVAST engine scan C:\ProgramData
19:50:25.730 Scan finished successfully
19:51:19.825 Disk 0 MBR has been saved successfully to "C:\Users\Chappy\Desktop\MBR.dat"
19:51:19.842 The log file has been saved successfully to "C:\Users\Chappy\Desktop\aswMBR.txt"

MBR.zip


  • Staff

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version, so also read the disclaimer and back up all your data before using it.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.


mbar log

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.02.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chappy :: KILLERHIPPO [administrator]
1/2/2013 4:22:51 PM
mbar-log-2013-01-02 (16-22-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30067
Time elapsed: 14 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8446402560, free: 6202155008
------------ Kernel report ------------
01/02/2013 15:15:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\k57nd60a.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\drivers\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\eamonm.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\imagehlp.dll

\Windows\System32\msctf.dll

\Windows\System32\advapi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\setupapi.dll

\Windows\System32\ws2_32.dll

\Windows\System32\kernel32.dll

\Windows\System32\urlmon.dll

\Windows\System32\comdlg32.dll

\Windows\System32\shell32.dll

\Windows\System32\wininet.dll

\Windows\System32\clbcatq.dll

\Windows\System32\lpk.dll

\Windows\System32\imm32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\ole32.dll

\Windows\System32\sechost.dll

\Windows\System32\Wldap32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\gdi32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\user32.dll

\Windows\System32\usp10.dll

\Windows\System32\normaliz.dll

\Windows\System32\iertutil.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa800941d060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000079\

Lower Device Object: 0xfffffa800941ab60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa800941c060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000078\

Lower Device Object: 0xfffffa8009427b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800941b060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000077\

Lower Device Object: 0xfffffa8009429b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800941a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000076\

Lower Device Object: 0xfffffa8006c530a0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007cd2060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa80079ea060

Lower Device Driver Name: \00000436\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2013.01.02.10

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007cd2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007cd2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007cd2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80079e5670, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80079ea060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \00000436\

------------ End ----------

Upper DeviceData: 0xfffff8a0027135e0, 0xfffffa8007cd2060, 0xfffffa800b816790

Lower DeviceData: 0xfffff8a0049508d0, 0xfffffa80079ea060, 0xfffffa8009add810

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! [4333f673a96dbe57f4d0023e55e5303d]

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57493372

Partition information:

Partition 0 type is Empty (0x0)

Partition is ACTIVE.

Partition starts at LBA: 50 Numsec = 0

Partition is not bootable

Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]

Changing partition to empty and not active. New active partition is 1 on drive 0 ...

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 610407

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 612352 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 31332352 Numsec = 1922190768

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-49-1953505168-1953525168)...

Sector 1953524916 --> [Forged physical sector]

Sector 1953524917 --> [Forged physical sector]

Sector 1953524918 --> [Forged physical sector]

Sector 1953524919 --> [Forged physical sector]

Sector 1953524920 --> [Forged physical sector]

Sector 1953524921 --> [Forged physical sector]

Sector 1953524922 --> [Forged physical sector]

Sector 1953524923 --> [Forged physical sector]

Sector 1953524924 --> [Forged physical sector]

Sector 1953524925 --> [Forged physical sector]

Sector 1953524926 --> [Forged physical sector]

Sector 1953524927 --> [Forged physical sector]

Sector 1953524928 --> [Forged physical sector]

Sector 1953524929 --> [Forged physical sector]

Sector 1953524930 --> [Forged physical sector]

Sector 1953524931 --> [Forged physical sector]

Sector 1953524932 --> [Forged physical sector]

Sector 1953524933 --> [Forged physical sector]

Sector 1953524934 --> [Forged physical sector]

Sector 1953524935 --> [Forged physical sector]

Sector 1953524936 --> [Forged physical sector]

Sector 1953524937 --> [Forged physical sector]

Sector 1953524938 --> [Forged physical sector]

Sector 1953524939 --> [Forged physical sector]

Sector 1953524940 --> [Forged physical sector]

Sector 1953524941 --> [Forged physical sector]

Sector 1953524942 --> [Forged physical sector]

Sector 1953524943 --> [Forged physical sector]

Sector 1953524944 --> [Forged physical sector]

Sector 1953524945 --> [Forged physical sector]

Sector 1953524946 --> [Forged physical sector]

Sector 1953524947 --> [Forged physical sector]

Sector 1953524948 --> [Forged physical sector]

Sector 1953524949 --> [Forged physical sector]

Sector 1953524950 --> [Forged physical sector]

Sector 1953524951 --> [Forged physical sector]

Sector 1953524952 --> [Forged physical sector]

Sector 1953524953 --> [Forged physical sector]

Sector 1953524954 --> [Forged physical sector]

Sector 1953524955 --> [Forged physical sector]

Sector 1953524956 --> [Forged physical sector]

Sector 1953524957 --> [Forged physical sector]

Sector 1953524958 --> [Forged physical sector]

Sector 1953524959 --> [Forged physical sector]

Sector 1953524960 --> [Forged physical sector]

Sector 1953524961 --> [Forged physical sector]

Sector 1953524962 --> [Forged physical sector]

Sector 1953524963 --> [Forged physical sector]

Sector 1953524964 --> [Forged physical sector]

Sector 1953524965 --> [Forged physical sector]

Sector 1953524966 --> [Forged physical sector]

Sector 1953524967 --> [Forged physical sector]

Sector 1953524968 --> [Forged physical sector]

Sector 1953524969 --> [Forged physical sector]

Sector 1953524970 --> [Forged physical sector]

Sector 1953524971 --> [Forged physical sector]

Sector 1953524972 --> [Forged physical sector]

Sector 1953524973 --> [Forged physical sector]

Sector 1953524974 --> [Forged physical sector]

Sector 1953524975 --> [Forged physical sector]

Sector 1953524976 --> [Forged physical sector]

Sector 1953524977 --> [Forged physical sector]

Sector 1953524978 --> [Forged physical sector]

Sector 1953524979 --> [Forged physical sector]

Sector 1953524980 --> [Forged physical sector]

Sector 1953524981 --> [Forged physical sector]

Sector 1953524982 --> [Forged physical sector]

Sector 1953524983 --> [Forged physical sector]

Sector 1953524984 --> [Forged physical sector]

Sector 1953524985 --> [Forged physical sector]

Sector 1953524986 --> [Forged physical sector]

Sector 1953524987 --> [Forged physical sector]

Sector 1953524988 --> [Forged physical sector]

Sector 1953524989 --> [Forged physical sector]

Sector 1953524990 --> [Forged physical sector]

Sector 1953524991 --> [Forged physical sector]

Sector 1953524992 --> [Forged physical sector]

Sector 1953524993 --> [Forged physical sector]

Sector 1953524994 --> [Forged physical sector]

Sector 1953524995 --> [Forged physical sector]

Sector 1953524996 --> [Forged physical sector]

Sector 1953524997 --> [Forged physical sector]

Sector 1953524998 --> [Forged physical sector]

Sector 1953524999 --> [Forged physical sector]

Sector 1953525000 --> [Forged physical sector]

Sector 1953525001 --> [Forged physical sector]

Sector 1953525002 --> [Forged physical sector]

Sector 1953525003 --> [Forged physical sector]

Sector 1953525004 --> [Forged physical sector]

Sector 1953525005 --> [Forged physical sector]

Sector 1953525006 --> [Forged physical sector]

Sector 1953525007 --> [Forged physical sector]

Sector 1953525008 --> [Forged physical sector]

Sector 1953525009 --> [Forged physical sector]

Sector 1953525010 --> [Forged physical sector]

Sector 1953525011 --> [Forged physical sector]

Sector 1953525012 --> [Forged physical sector]

Sector 1953525013 --> [Forged physical sector]

Sector 1953525014 --> [Forged physical sector]

Sector 1953525015 --> [Forged physical sector]

Sector 1953525016 --> [Forged physical sector]

Sector 1953525017 --> [Forged physical sector]

Sector 1953525018 --> [Forged physical sector]

Sector 1953525019 --> [Forged physical sector]

Sector 1953525020 --> [Forged physical sector]

Sector 1953525021 --> [Forged physical sector]

Sector 1953525022 --> [Forged physical sector]

Sector 1953525023 --> [Forged physical sector]

Sector 1953525024 --> [Forged physical sector]

Sector 1953525025 --> [Forged physical sector]

Sector 1953525026 --> [Forged physical sector]

Sector 1953525027 --> [Forged physical sector]

Sector 1953525028 --> [Forged physical sector]

Sector 1953525029 --> [Forged physical sector]

Sector 1953525030 --> [Forged physical sector]

Sector 1953525031 --> [Forged physical sector]

Sector 1953525032 --> [Forged physical sector]

Sector 1953525033 --> [Forged physical sector]

Sector 1953525034 --> [Forged physical sector]

Sector 1953525035 --> [Forged physical sector]

Sector 1953525036 --> [Forged physical sector]

Sector 1953525037 --> [Forged physical sector]

Sector 1953525038 --> [Forged physical sector]

Sector 1953525039 --> [Forged physical sector]

Sector 1953525040 --> [Forged physical sector]

Sector 1953525041 --> [Forged physical sector]

Sector 1953525042 --> [Forged physical sector]

Sector 1953525043 --> [Forged physical sector]

Sector 1953525044 --> [Forged physical sector]

Sector 1953525045 --> [Forged physical sector]

Sector 1953525046 --> [Forged physical sector]

Sector 1953525047 --> [Forged physical sector]

Sector 1953525048 --> [Forged physical sector]

Sector 1953525049 --> [Forged physical sector]

Sector 1953525050 --> [Forged physical sector]

Sector 1953525051 --> [Forged physical sector]

Sector 1953525052 --> [Forged physical sector]

Sector 1953525053 --> [Forged physical sector]

Sector 1953525054 --> [Forged physical sector]

Sector 1953525055 --> [Forged physical sector]

Sector 1953525056 --> [Forged physical sector]

Sector 1953525057 --> [Forged physical sector]

Sector 1953525058 --> [Forged physical sector]

Sector 1953525059 --> [Forged physical sector]

Sector 1953525060 --> [Forged physical sector]

Sector 1953525061 --> [Forged physical sector]

Sector 1953525062 --> [Forged physical sector]

Sector 1953525063 --> [Forged physical sector]

Sector 1953525064 --> [Forged physical sector]

Sector 1953525065 --> [Forged physical sector]

Sector 1953525066 --> [Forged physical sector]

Sector 1953525067 --> [Forged physical sector]

Sector 1953525068 --> [Forged physical sector]

Sector 1953525069 --> [Forged physical sector]

Sector 1953525070 --> [Forged physical sector]

Sector 1953525071 --> [Forged physical sector]

Sector 1953525072 --> [Forged physical sector]

Sector 1953525073 --> [Forged physical sector]

Sector 1953525074 --> [Forged physical sector]

Sector 1953525075 --> [Forged physical sector]

Sector 1953525076 --> [Forged physical sector]

Sector 1953525077 --> [Forged physical sector]

Sector 1953525078 --> [Forged physical sector]

Sector 1953525079 --> [Forged physical sector]

Sector 1953525080 --> [Forged physical sector]

Sector 1953525081 --> [Forged physical sector]

Sector 1953525082 --> [Forged physical sector]

Sector 1953525083 --> [Forged physical sector]

Sector 1953525084 --> [Forged physical sector]

Sector 1953525085 --> [Forged physical sector]

Sector 1953525086 --> [Forged physical sector]

Sector 1953525087 --> [Forged physical sector]

Sector 1953525088 --> [Forged physical sector]

Sector 1953525089 --> [Forged physical sector]

Sector 1953525090 --> [Forged physical sector]

Sector 1953525091 --> [Forged physical sector]

Sector 1953525092 --> [Forged physical sector]

Sector 1953525093 --> [Forged physical sector]

Sector 1953525094 --> [Forged physical sector]

Sector 1953525095 --> [Forged physical sector]

Sector 1953525096 --> [Forged physical sector]

Sector 1953525097 --> [Forged physical sector]

Sector 1953525098 --> [Forged physical sector]

Sector 1953525099 --> [Forged physical sector]

Sector 1953525100 --> [Forged physical sector]

Sector 1953525101 --> [Forged physical sector]

Sector 1953525102 --> [Forged physical sector]

Sector 1953525103 --> [Forged physical sector]

Sector 1953525104 --> [Forged physical sector]

Sector 1953525105 --> [Forged physical sector]

Sector 1953525106 --> [Forged physical sector]

Sector 1953525107 --> [Forged physical sector]

Sector 1953525108 --> [Forged physical sector]

Sector 1953525109 --> [Forged physical sector]

Sector 1953525110 --> [Forged physical sector]

Sector 1953525111 --> [Forged physical sector]

Sector 1953525112 --> [Forged physical sector]

Sector 1953525113 --> [Forged physical sector]

Sector 1953525114 --> [Forged physical sector]

Sector 1953525115 --> [Forged physical sector]

Sector 1953525116 --> [Forged physical sector]

Sector 1953525117 --> [Forged physical sector]

Sector 1953525118 --> [Forged physical sector]

Sector 1953525119 --> [Forged physical sector]

Sector 1953525120 --> [Forged physical sector]

Sector 1953525121 --> [Forged physical sector]

Sector 1953525122 --> [Forged physical sector]

Sector 1953525123 --> [Forged physical sector]

Sector 1953525124 --> [Forged physical sector]

Sector 1953525125 --> [Forged physical sector]

Sector 1953525126 --> [Forged physical sector]

Sector 1953525127 --> [Forged physical sector]

Sector 1953525128 --> [Forged physical sector]

Sector 1953525129 --> [Forged physical sector]

Sector 1953525130 --> [Forged physical sector]

Sector 1953525131 --> [Forged physical sector]

Sector 1953525132 --> [Forged physical sector]

Sector 1953525133 --> [Forged physical sector]

Sector 1953525134 --> [Forged physical sector]

Sector 1953525135 --> [Forged physical sector]

Sector 1953525136 --> [Forged physical sector]

Sector 1953525137 --> [Forged physical sector]

Sector 1953525138 --> [Forged physical sector]

Sector 1953525139 --> [Forged physical sector]

Sector 1953525140 --> [Forged physical sector]

Sector 1953525141 --> [Forged physical sector]

Sector 1953525142 --> [Forged physical sector]

Sector 1953525143 --> [Forged physical sector]

Sector 1953525144 --> [Forged physical sector]

Sector 1953525145 --> [Forged physical sector]

Sector 1953525146 --> [Forged physical sector]

Sector 1953525147 --> [Forged physical sector]

Sector 1953525148 --> [Forged physical sector]

Sector 1953525149 --> [Forged physical sector]

Sector 1953525150 --> [Forged physical sector]

Sector 1953525151 --> [Forged physical sector]

Sector 1953525152 --> [Forged physical sector]

Sector 1953525153 --> [Forged physical sector]

Sector 1953525154 --> [Forged physical sector]

Sector 1953525155 --> [Forged physical sector]

Sector 1953525156 --> [Forged physical sector]

Sector 1953525157 --> [Forged physical sector]

Sector 1953525158 --> [Forged physical sector]

Sector 1953525159 --> [Forged physical sector]

Sector 1953525160 --> [Forged physical sector]

Sector 1953525161 --> [Forged physical sector]

Sector 1953525162 --> [Forged physical sector]

Sector 1953525163 --> [Forged physical sector]

Sector 1953525164 --> [Forged physical sector]

Sector 1953525165 --> [Forged physical sector]

Sector 1953525166 --> [Forged physical sector]

Sector 1953525167 --> [Forged physical sector]

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa800941a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009449b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800941a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8006c530a0, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa800941b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800941bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800941b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009429b60, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa800941c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800941cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800941c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009427b60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa800941d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800941db90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800941d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800941ab60, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\instance.dat" is compressed (flags = 1)

Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\@ --> [Trojan.Siredef.C]

Backup file found for a file C:\Windows\System32\services.exe

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\00000004.@ --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000008.@ --> [Trojan.Dropper.BCMiner]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\000000cb.@ --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000064.@ --> [backdoor.0Access]

Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Trojan.0access]

Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]

Infected: C:\Users\Chappy\Local Settings\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]

Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]

Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

Infected: C:\Windows\svchost.exe --> [Trojan.Agent]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 --> [Trojan.Zaccess]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\201d3dde --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\4cce1f70 --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\76603ac3 --> [backdoor.0Access]

Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U --> [backdoor.0Access]

Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U --> [backdoor.0Access]

Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L --> [backdoor.0Access]

Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\U --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\L --> [Trojan.Siredef.C]

Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4 --> [Trojan.Siredef.C]

Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.192000 GHz

Memory total: 8446402560, free: 7050993664

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 3.192000 GHz

Memory total: 8446402560, free: 6240567296

------------ Kernel report ------------

01/02/2013 16:08:21

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\ehdrv.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\k57nd60a.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\drivers\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\eamonm.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\advapi32.dll

\Windows\System32\imm32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\ole32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\difxapi.dll

\Windows\System32\usp10.dll

\Windows\System32\sechost.dll

\Windows\System32\comdlg32.dll

\Windows\System32\setupapi.dll

\Windows\System32\psapi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\wininet.dll

\Windows\System32\lpk.dll

\Windows\System32\normaliz.dll

\Windows\System32\urlmon.dll

\Windows\System32\clbcatq.dll

\Windows\System32\msctf.dll

\Windows\System32\iertutil.dll

\Windows\System32\shlwapi.dll

\Windows\System32\nsi.dll

\Windows\System32\kernel32.dll

\Windows\System32\shell32.dll

\Windows\System32\gdi32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8006c56060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000079\

Lower Device Object: 0xfffffa8008b962b0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa80092c7790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000078\

Lower Device Object: 0xfffffa8008b6ab60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8009347790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000077\

Lower Device Object: 0xfffffa8008b982b0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8009349790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000076\

Lower Device Object: 0xfffffa8008b9c2b0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007ca9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa80079f4060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007ca9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80079f2580, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80079f4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xfffff8a00d695240, 0xfffffa8007ca9060, 0xfffffa800875e790

Lower DeviceData: 0xfffff8a01020bda0, 0xfffffa80079f4060, 0xfffffa8007c5e660

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57493372

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 610407

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 612352 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 31332352 Numsec = 1922190768

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8009349790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008b65b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8009349790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008b9c2b0, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8009347790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80093472c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8009347790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008b982b0, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa80092c7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009341b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80092c7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008b6ab60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8006c56060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008b952e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c56060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008b962b0, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]

Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.dat" is compressed (flags = 1)

Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\instance.dat" is compressed (flags = 1)

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal successful. No system shutdown is required.

=======================================


  • Staff

Please run the following

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix log

ComboFix 13-01-02.02 - Chappy 01/02/2013 18:11:38.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.6057 [GMT -8:00]

Running from: c:\users\Chappy\Downloads\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))

.

.

2013-01-03 02:25 . 2013-01-03 02:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-03 02:25 . 2013-01-03 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-03 02:07 . 2013-01-03 02:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EABB530-6A68-43BB-A570-43F94477DD14}\offreg.dll

2013-01-01 02:15 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-01-01 02:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-01 02:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-01-01 02:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-01-01 02:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-01-01 02:07 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-01-01 02:07 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-01-01 02:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-01-01 02:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-01-01 02:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-01-01 02:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-01-01 02:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-01-01 02:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-01-01 02:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2013-01-01 02:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2013-01-01 02:02 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2013-01-01 02:02 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2013-01-01 02:02 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-01 02:00 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2013-01-01 02:00 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-12-28 12:04 . 2012-12-28 12:04 -------- d-----w- c:\users\Chappy\AppData\Local\Programs

2012-12-27 00:19 . 2012-12-27 00:19 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2012-12-26 05:51 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll

2012-12-26 05:51 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll

2012-12-26 05:51 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-12-26 05:51 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2012-12-26 05:51 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-12-26 05:51 . 2010-02-04 18:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2012-12-21 21:56 . 2004-08-18 02:14 442368 ----a-r- c:\windows\SysWow64\vp6vfw.dll

2012-12-21 06:54 . 2012-12-21 06:54 -------- d-----w- c:\users\Chappy\AppData\Local\DayZCommander

2012-12-21 06:54 . 2012-12-21 06:54 -------- d-----w- c:\program files (x86)\Dotjosh Studios

2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files\iPod

2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files\iTunes

2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-02 02:05 . 2012-10-15 02:41 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-01-02 02:05 . 2012-10-15 02:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-01-01 02:13 . 2010-05-28 21:37 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-26 04:24 . 2012-10-15 02:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-15 00:49 . 2012-08-15 05:53 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 21:30 . 2012-06-24 03:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 21:30 . 2011-07-25 19:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-03 15:47 . 2010-04-19 17:46 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-03 15:47 . 2010-04-19 17:46 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-03 15:47 . 2010-04-19 17:46 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-03 15:47 . 2010-04-19 17:46 2816824 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-01 06:43 . 2012-12-01 06:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-01 05:49 . 2009-07-08 21:01 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-01 05:49 . 2009-07-08 20:01 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-12-01 05:49 . 2009-07-08 21:01 890216 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-01 05:48 . 2009-07-08 21:01 6223208 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-01 05:48 . 2009-07-08 21:01 3311464 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-16 08:38 . 2013-01-01 02:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2013-01-01 02:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2013-01-01 02:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 02:41 . 2012-10-15 02:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-10-15 02:31 . 2012-10-15 02:37 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]

2012-04-09 18:53 483656 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]

"Facebook Update"="c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [x]

R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;c:\program files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]

R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 21:30]

.

2013-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001Core.job

- c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 20:58]

.

2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001UA.job

- c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 20:58]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 06:09]

.

2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 06:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{92B514FD-A316-4736-99EB-2A6532D02E7D} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Toolbar-Locked - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Wow6432Node-HKLM-Run-ooVooToolbarHelper - c:\program files (x86)\ooVoo Toolbar\ToolbarHelper.exe

Wow6432Node-HKU-Default-Run-ElevatedDiagnostics - c:\users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.12.27\InstStub.exe

AddRemove-ooVoo Toolbar - c:\program files (x86)\ooVoo Toolbar\ooVooToolbarUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1 - c:\program files (x86)\Driver Robot\2.5.4.1\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-02 18:35:51

ComboFix-quarantined-files.txt 2013-01-03 02:35

.

Pre-Run: 369,697,800,192 bytes free

Post-Run: 376,707,543,040 bytes free

.

- - End Of File - - 656E6858B0BAEE944FDC494E5EC8AEB6


  • Staff

do a couple of reboots and see if it resets; if not, you may have to uninstall then re-install ESET

please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.5 (01.02.2013:3)

OS: Windows 7 Home Premium x64

Ran by Chappy on Wed 01/02/2013 at 19:07:21.89

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2214422115-321876402-1557215952-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe

Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\i want this

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dealscout.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\toolbar.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.bandobject

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.bandobject.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.toolbarhelperobject

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.toolbarhelperobject.1

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3d475351-3508-4de9-a7c0-b0ceb0859fbe}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{92b514fd-a316-4736-99eb-2a6532d02e7d}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{92b514fd-a316-4736-99eb-2a6532d02e7d}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"

Successfully deleted: [Folder] "C:\Users\Chappy\appdata\locallow\asktoolbar"

Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"

Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/02/2013 at 19:13:42.19

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner log

# AdwCleaner v2.104 - Logfile created 01/02/2013 at 19:16:39

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Chappy - KILLERHIPPO

# Boot Mode : Normal

# Running from : C:\Users\Chappy\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[s1].txt - [3947 octets] - [02/01/2013 19:16:39]

########## EOF - C:\AdwCleaner[s1].txt - [4007 octets] ##########

MBAM log

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.02.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Chappy :: KILLERHIPPO [administrator]

Protection: Enabled

1/2/2013 7:22:10 PM

mbam-log-2013-01-02 (19-22-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241760

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The ESET site would not load.

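The JRT log above reports deleting Browser Helper Object and toolbar CLSIDs, repairing the Internet Explorer DefaultScope search setting in every hive, and removing a Run entry. The following is an added example, not part of this thread and not code from JRT, AdwCleaner or Malwarebytes: a read-only PowerShell audit of those same registry locations that resolves each CLSID to the DLL it loads and reports the file's Authenticode status, so the hooks a removal tool would act on can be reviewed by hand first. It assumes only the standard Windows registry paths and built-in cmdlets, and it changes nothing.

```powershell
# Added example (not from the thread or any tool in it): read-only audit of the
# registry locations the JRT log shows being cleaned. Lists IE Browser Helper
# Objects and toolbars with the DLL each one loads, the per-machine and
# per-user Run entries, and the IE default search scope per hive.
# Nothing is modified; review the output before removing anything.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Resolve a CLSID to the DLL registered as its in-process server, checking both
# the 64-bit and the WOW64 (32-bit) views of HKEY_CLASSES_ROOT.
function Resolve-ClsidDll {
    param([string]$Clsid)
    foreach ($base in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        $key = "$base\$Clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

# Signature status of a file; a registered component whose file is missing or
# has no in-process server is itself worth a look.
function Get-SignerStatus {
    param([string]$Path)
    if (-not $Path) { return 'no InprocServer32' }
    if (-not (Test-Path $Path)) { return 'file missing' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    return "$($sig.Status) $subject"
}

$report = @()

foreach ($key in $bhoKeys + $toolbarKeys) {
    if (-not (Test-Path $key)) { continue }
    # BHOs are subkeys named by CLSID; toolbars are values named by CLSID.
    $clsids = @(Get-ChildItem $key | ForEach-Object { $_.PSChildName }) +
              @((Get-Item $key).GetValueNames() | Where-Object { $_ -like '{*}' })
    foreach ($clsid in $clsids) {
        $dll = Resolve-ClsidDll $clsid
        $report += [pscustomobject]@{
            Location = $key
            Item     = $clsid
            Target   = $dll
            Signer   = Get-SignerStatus $dll
        }
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = $item.GetValue($name)
        # Take the executable from the command line (quoted path or first token).
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $report += [pscustomobject]@{
            Location = $key
            Item     = $name
            Target   = $cmd
            Signer   = Get-SignerStatus $exe
        }
    }
}

# IE default search scope per hive: JRT "repaired" these, so show where each points.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $key) {
        $scope = (Get-ItemProperty $key).DefaultScope
        $url = if ($scope -and (Test-Path "$key\$scope")) { (Get-ItemProperty "$key\$scope").URL } else { '' }
        $report += [pscustomobject]@{ Location = $key; Item = 'DefaultScope'; Target = "$scope $url"; Signer = 'n/a' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM views are readable. Entries whose DLL is unsigned, missing, or sits under a user-writable directory are the ones to compare against the tool logs rather than something to delete blindly, since legitimate add-ons register in exactly the same places.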

  • Staff

it does reset certain settings that malware is known to compromise

so try the following:

  1. Click the Microsoft Start logo in the bottom left corner of the screen
  2. Click All Programs
  3. Click Accessories
  4. RIGHT-click on Command Prompt
  5. Select Run As Administrator
  6. In the command window type the following commands and then hit enter after each command:
    netsh int ip reset reset.log
    netsh winsock reset catalog
    IPconfig /release (Note the space between the "g" and the slash / it needs to be there)
    IPconfig /Renew (Note the space between the "g" and the slash / it needs to be there)
    ipconfig /flushdns
  7. You will see the following confirmation:

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Reboot the computer

Let me know if that makes any difference


Alright, well, my computer is completely screwed. It was working fine after I used the anti-rootkit and I messed up when I was using combofix, which I think screwed up my computer because after that ESET started having problems and for some reason this and google are literally the only two sites that load.


  • Staff

let's go back to the restore point that ComboFix would have made prior to running it, but I suspect it has more to do with the removal of the rootkit, as quite often doing so breaks a number of services

Navigate to the Start -> All Programs -> Accessories -> System Tools program group.

Click on the System Restore program icon.

Click Next > on the Restore system files and settings window.

Choose the restore point that you want to use. (it will be the one made just prior to running ComboFix)

(Note: Check the Show more restore points checkbox to see more than the most recent restore points if you don't see it right away).

Click Next >.

Click Finish on the Confirm your restore point window to begin the System Restore.

Note: Windows 7 will shut down to complete the System Restore so be sure to save any work you might have open in other programs before continuing.

Click Yes to the Once started, System Restore cannot be interrupted. Do you want to continue? dialog box.

System Restore will now restore Windows 7 to the state that was recorded in the restore point you chose

Note: The System Restore process could take several minutes as you see the "Please wait while your Windows files and settings are being restored" message. Your computer will then reboot as normal when complete.

Immediately after logging in to Windows 7 after the reboot, you should see a message that System Restore completed successfully.

Click Close.

Let me know if that resolves the issues.

If this restoration causes more of a problem, you can always undo this particular System Restore.


  • Staff

uninstall ESET entirely, then run the Temp File Cleaner

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

now try and load a couple of known safe websites that you weren't able to load before to see if the problem is with the ESET program (it may have been corrupted by malware) or if the problem is with the browser

(don't surf without the AV, just check a couple of sites)

Now run the following:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
