Could greatly use some assistance.


Currently having some major issues with my computer. It all started a day or two ago by it simply de-selecting my currently active window. Really only a minor annoyance while I am typing (as I am now) or playing a full screen game. However, now every 3-5 minutes Avast! and Mbam are blocking multiple threats. Quick scan with Mbam is showing nothing, however the bulk majority of the infections seem to be centered around "C/Windows/Installer". I tried running a bootscan with Avast!, and it was coming up with infected files, however, it doesn't seem to have done anything as the same files are still infected. I do not have the log for that bootscan as it has disappeared -_-. Dds.txt is attached, hoping my computer isn't too far gone to repair. Thanks for checking this out for me.

dds.txt

Hello Inochi and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post the content of Attach.txt.

Ah gotcha, sorry about that. I am currently not a paying customer, however, seriously thinking of going pro come payday.

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/14/2010 2:28:17 AM

System Uptime: 1/2/2013 8:01:44 AM (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R780/R778

Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 168.878 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP86: 12/27/2012 1:44:26 AM - Scheduled Checkpoint

RP87: 12/29/2012 1:33:09 PM - Removed Assassin's Creed ® III

RP88: 12/29/2012 1:34:49 PM - Removed Assassin's Creed ® III

RP89: 12/29/2012 1:48:46 PM - Removed Assassin's Creed ® III

RP90: 12/29/2012 1:52:36 PM - Installed DirectX

RP91: 12/29/2012 2:01:27 PM - Installed Assassin's Creed ® III

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

AnyPC Client

Assassin's Creed ® III

Atheros Client Installation Program

avast! Free Antivirus

BatteryLifeExtender

Call of Duty: Black Ops II

Call of Duty: Black Ops II - Multiplayer

Call of Duty: Black Ops II - Zombies

CCleaner

ChargeableUSB

CPUID CPU-Z 1.58

CursorFX

CyberLink DVD Suite

CyberLink YouCam

D3DX10

Dead Island Save Editor

DragonNest

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

Far Cry 3

Google Chrome

Google Drive

Google Update Helper

Hawken

InnoGames International Toolbar

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Java 7 Update 9

Java Auto Updater

Junk Mail filter update

League of Legends

Lexmark 5600-6600 Series

Lexmark Printable Web

lightshot-3.2.0.0

Malwarebytes Anti-Malware version 1.70.0.1100

ManageEngine NetFlow Analyzer 9

Marvell Miniport Driver

MechWarrior Online

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Maker

MSI Afterburner 2.3.0

MSI Kombustor 2.4.2

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

Nexon Game Manager

NVIDIA Control Panel 310.70

NVIDIA Graphics Driver 310.70

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.11.3

NVIDIA Update Components

Pando Media Booster

Photo Common

Photo Gallery

PunkBuster Services

Realtek High Definition Audio Driver

REALTEK Wireless LAN Software

Samsung R-Series

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5 (KB2729460)

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Skype™ 6.0

Spotify

SpywareBlaster 4.6

Star Wars: The Old Republic

Steam

SUPERAntiSpyware

Synaptics Pointing Device Driver

System Requirements Lab CYRI

TweakNow PowerPack 2012

Unity Web Player

Uplay

User Guide

VirtualCloneDrive

VLC media player 2.0.4

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

This is the one that ran this morning.

avast! Antirootkit, version 1.0

Scan started: Wednesday, January 02, 2013 8:17:24 AM

Process [0]

Process [4]

Process C:\Windows\System32\smss.exe [352]

Process C:\Windows\System32\csrss.exe [572]

Process C:\Windows\System32\wininit.exe [640]

Process C:\Windows\System32\csrss.exe [652]

Process C:\Windows\System32\winlogon.exe [708]

Process C:\Windows\System32\services.exe [756]

Process C:\Windows\System32\lsass.exe [764]

Process C:\Windows\System32\lsm.exe [776]

Process C:\Windows\System32\svchost.exe [876]

Process C:\Windows\System32\svchost.exe [992]

Process C:\Windows\System32\svchost.exe [416]

Process C:\Windows\System32\svchost.exe [656]

Process C:\Windows\System32\svchost.exe [404]

Process C:\Windows\System32\audiodg.exe [1112]

Process C:\Windows\System32\svchost.exe [1132]

Process C:\Windows\System32\svchost.exe [1180]

Process C:\Windows\System32\svchost.exe [1304]

Process C:\Installed Files\AVAST Software\Avast\AvastSvc.exe [1520]

Process C:\Windows\System32\dwm.exe [1760]

Process C:\Windows\explorer.exe [1768]

Process C:\Program Files (x86)\Windows Sidebar\sidebar.exe [1480]

Process C:\Program Files (x86)\Skype\Phone\Skype.exe [1476]

Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [1664]

Process C:\Windows\System32\spoolsv.exe [1752]

Process C:\Windows\System32\svchost.exe [2044]

Process C:\Installed Files\AVAST Software\Avast\AvastUI.exe [2032]

Process C:\Windows\System32\taskhost.exe [1444]

Process C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2156]

Process C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe [2216]

Process C:\Windows\System32\lxducoms.exe [2268]

Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2316]

Process C:\Windows\System32\taskeng.exe [2324]

Process C:\Installed Files\MSI\Bundle\OSDServer\RTSS.exe [2420]

Process C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe [2448]

Process C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2456]

Process C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2484]

Process C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2496]

Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2584]

Process C:\Windows\System32\mqsvc.exe [2648]

Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2664]

Process C:\PROGRA~2\MANAGE~1\NetFlow\bin\wrapper.exe [2708]

Process C:\Windows\System32\conhost.exe [2820]

Process C:\Windows\System32\taskmgr.exe [2828]

Process C:\Windows\SysWOW64\PnkBstrA.exe [2892]

Process C:\Windows\System32\svchost.exe [2960]

Process C:\Windows\SysWOW64\Rezip.exe [2992]

Process C:\Windows\System32\svchost.exe [3148]

Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3200]

Process C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe [3256]

Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [3488]

Process C:\PROGRA~2\MANAGE~1\NetFlow\jre\bin\java.exe [4080]

Process C:\Windows\System32\UI0Detect.exe [3564]

Process C:\Windows\System32\SearchIndexer.exe [4060]

Process C:\Windows\System32\svchost.exe [3500]

Process C:\Windows\System32\svchost.exe [3836]

Process C:\Windows\servicing\TrustedInstaller.exe [3844]

Process C:\Program Files\Windows Media Player\wmpnetwk.exe [4236]

Process C:\Windows\System32\wbem\WmiPrvSE.exe [3660]

Process C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [5048]

Process C:\Program Files (x86)\ManageEngine\NetFlow\mysql\bin\mysqld-nt.exe [2548]

Process C:\Windows\System32\svchost.exe [4776]

Process C:\Windows\System32\svchost.exe [4220]

Process C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [4600]

Process C:\Windows\System32\dllhost.exe [4032]

Process C:\Windows\System32\sppsvc.exe [4660]

Process C:\Windows\System32\notepad.exe [3928]

Process C:\Windows\System32\SearchProtocolHost.exe [4744]

Process C:\Windows\System32\SearchFilterHost.exe [4276]

Disk 0 MBR

Service !SASCORE [C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE]

Service .NET CLR Data [???]

Service .NET CLR Networking [???]

Service .NET CLR Networking 4.0.0.0 [???]

Service .NET Data Provider for Oracle [???]

Service .NET Data Provider for SqlServer [???]

Service .NET Memory Cache 4.0 [???]

Service .NETFramework [???]

Service 1394ohci [C:\windows\system32\drivers\1394ohci.sys]

Service ACPI [C:\windows\system32\drivers\ACPI.sys]

Service AcpiPmi [C:\windows\system32\drivers\acpipmi.sys]

Service AdobeFlashPlayerUpdateSvc [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

Service adp94xx [C:\windows\system32\DRIVERS\adp94xx.sys]

Service adpahci [C:\windows\system32\DRIVERS\adpahci.sys]

Service adpu320 [C:\windows\system32\DRIVERS\adpu320.sys]

Service adsi [???]

Service AeLookupSvc [C:\windows\System32\aelupsvc.dll]

Service AFD [C:\windows\system32\drivers\afd.sys]

Service agp440 [C:\windows\system32\drivers\agp440.sys]

Service ALG [C:\windows\System32\alg.exe]

Service aliide [C:\windows\system32\drivers\aliide.sys]

Service amdide [C:\windows\system32\drivers\amdide.sys]

Service AmdK8 [C:\windows\system32\DRIVERS\amdk8.sys]

Service AmdPPM [C:\windows\system32\DRIVERS\amdppm.sys]

Service amdsata [C:\windows\system32\drivers\amdsata.sys]

Service amdsbs [C:\windows\system32\DRIVERS\amdsbs.sys]

Service amdxata [C:\windows\system32\drivers\amdxata.sys]

Service AppID [C:\windows\system32\drivers\appid.sys]

Service AppIDSvc [C:\windows\System32\appidsvc.dll]

Service Appinfo [C:\windows\System32\appinfo.dll]

Service arc [C:\windows\system32\DRIVERS\arc.sys]

Service arcsas [C:\windows\system32\DRIVERS\arcsas.sys]

Service ASP.NET [???]

Service ASP.NET_4.0.30319 [???]

Service aspnet_state [C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe]

Service aswFsBlk [C:\windows\System32\Drivers\aswFsBlk.sys]

Service aswMonFlt [C:\windows\system32\drivers\aswMonFlt.sys]

Service aswRdr [C:\windows\System32\Drivers\aswrdr2.sys]

Service aswSnx [C:\windows\System32\Drivers\aswSnx.sys]

Service aswSP [C:\windows\System32\Drivers\aswSP.sys]

Service aswTdi [C:\windows\System32\Drivers\aswTdi.sys]

Service AsyncMac [C:\windows\system32\DRIVERS\asyncmac.sys]

Service atapi [C:\windows\system32\drivers\atapi.sys]

Service AudioEndpointBuilder [C:\windows\System32\Audiosrv.dll]

Service AudioSrv [C:\windows\System32\Audiosrv.dll]

Service avast! Antivirus [C:\Installed Files\AVAST Software\Avast\AvastSvc.exe]

Service AxInstSV [C:\windows\System32\AxInstSV.dll]

Service b06bdrv [C:\windows\system32\DRIVERS\bxvbda.sys]

Service b57nd60a [C:\windows\system32\DRIVERS\b57nd60a.sys]

Service BattC [???]

Service BDESVC [C:\windows\System32\bdesvc.dll]

Service Beep [C:\windows\System32\Drivers\Beep.sys]

Service BFE [C:\windows\System32\bfe.dll]

Service blbdrive [C:\windows\system32\DRIVERS\blbdrive.sys]

Service bowser [C:\windows\system32\DRIVERS\bowser.sys]

Service BrFiltLo [C:\windows\system32\DRIVERS\BrFiltLo.sys]

Service BrFiltUp [C:\windows\system32\DRIVERS\BrFiltUp.sys]

Service Browser [C:\windows\System32\browser.dll]

Service Brserid [C:\windows\System32\Drivers\Brserid.sys]

Service BrSerWdm [C:\windows\System32\Drivers\BrSerWdm.sys]

Service BrUsbMdm [C:\windows\System32\Drivers\BrUsbMdm.sys]

Service BrUsbSer [C:\windows\System32\Drivers\BrUsbSer.sys]

Service BthEnum [C:\windows\system32\drivers\BthEnum.sys]

Service BTHMODEM [C:\windows\system32\DRIVERS\bthmodem.sys]

Service BthPan [C:\windows\system32\DRIVERS\bthpan.sys]

Service BTHPORT [C:\windows\System32\Drivers\BTHport.sys]

Service bthserv [C:\windows\system32\bthserv.dll]

Service BTHUSB [C:\windows\System32\Drivers\BTHUSB.sys]

Service btusbflt [C:\windows\system32\drivers\btusbflt.sys]

Service btwaudio [C:\windows\system32\drivers\btwaudio.sys]

Service btwavdt [C:\windows\system32\DRIVERS\btwavdt.sys]

Service btwl2cap [C:\windows\system32\DRIVERS\btwl2cap.sys]

Service btwrchid [C:\windows\system32\DRIVERS\btwrchid.sys]

Service cdfs [C:\windows\system32\DRIVERS\cdfs.sys]

Service cdrom [C:\windows\system32\DRIVERS\cdrom.sys]

Service CertPropSvc [C:\windows\System32\certprop.dll]

Service circlass [C:\windows\system32\DRIVERS\circlass.sys]

Service CLFS [C:\windows\System32\CLFS.sys]

Service clr_optimization_v2.0.50727_32 [C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]

Service clr_optimization_v2.0.50727_64 [C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe]

Service clr_optimization_v4.0.30319_32 [C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe]

Service clr_optimization_v4.0.30319_64 [C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe]

Service CmBatt [C:\windows\system32\DRIVERS\CmBatt.sys]

Service cmdide [C:\windows\system32\drivers\cmdide.sys]

Service CNG [C:\windows\System32\Drivers\cng.sys]

Service Compbatt [C:\windows\system32\DRIVERS\compbatt.sys]

Service CompositeBus [C:\windows\system32\drivers\CompositeBus.sys]

Service COMSysApp [C:\windows\system32\dllhost.exe]

Service cpuz135 [C:\windows\system32\drivers\cpuz135_x64.sys]

Service crcdisk [C:\windows\system32\DRIVERS\crcdisk.sys]

Service crypt32 [???]

Service CryptSvc [C:\windows\system32\cryptsvc.dll]

Service DCLocator [???]

Service DcomLaunch [C:\windows\system32\rpcss.dll]

Service defragsvc [C:\windows\System32\defragsvc.dll]

Service DfsC [C:\windows\System32\Drivers\dfsc.sys]

Service Dhcp [C:\windows\system32\dhcpcore.dll]

Service discache [C:\windows\System32\drivers\discache.sys]

Service Disk [C:\windows\system32\DRIVERS\disk.sys]

Service Dnscache [C:\windows\System32\dnsrslvr.dll]

Service dot3svc [C:\windows\System32\dot3svc.dll]

Service DPS [C:\windows\system32\dps.dll]

Service drmkaud [C:\windows\system32\drivers\drmkaud.sys]

Service DXGKrnl [C:\windows\System32\drivers\dxgkrnl.sys]

Service EagleX64 [C:\windows\system32\drivers\EagleX64.sys]

Service EapHost [C:\windows\System32\eapsvc.dll]

Service ebdrv [C:\windows\system32\DRIVERS\evbda.sys]

Service EFS [C:\windows\System32\lsass.exe]

Service ehRecvr [C:\windows\ehome\ehRecvr.exe]

Service ehSched [C:\windows\ehome\ehsched.exe]

Service ElbyCDIO [C:\windows\System32\Drivers\ElbyCDIO.sys]

Service elxstor [C:\windows\system32\DRIVERS\elxstor.sys]

Service ErrDev [C:\windows\system32\drivers\errdev.sys]

Service ESENT [???]

Service eventlog [C:\windows\System32\wevtsvc.dll]

Service EventSystem [C:\windows\system32\es.dll]

Service exfat [C:\windows\System32\Drivers\exfat.sys]

Service fastfat [C:\windows\System32\Drivers\fastfat.sys]

Service Fax [C:\windows\system32\fxssvc.exe]

Service fdc [C:\windows\system32\DRIVERS\fdc.sys]

Service fdPHost [C:\windows\system32\fdPHost.dll]

Service FDResPub [C:\windows\system32\fdrespub.dll]

Service FileInfo [C:\windows\system32\drivers\fileinfo.sys]

Service Filetrace [C:\windows\system32\drivers\filetrace.sys]

Service flpydisk [C:\windows\system32\DRIVERS\flpydisk.sys]

Service FltMgr [C:\windows\system32\drivers\fltmgr.sys]

Service FontCache [C:\windows\system32\FntCache.dll]

Service FontCache3.0.0.0 [C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe]

Service FsDepends [C:\windows\System32\drivers\FsDepends.sys]

Service fssfltr [C:\windows\system32\DRIVERS\fssfltr.sys]

Service fsssvc [C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe]

Service Fs_Rec [C:\windows\System32\Drivers\Fs_Rec.sys]

Service fvevol [C:\windows\System32\DRIVERS\fvevol.sys]

Service gagp30kx [C:\windows\system32\DRIVERS\gagp30kx.sys]

Service gpsvc [C:\windows\System32\gpsvc.dll]

Service gupdate [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

Service gupdatem [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

Service hcw85cir [C:\windows\system32\drivers\hcw85cir.sys]

Service HdAudAddService [C:\windows\system32\drivers\HdAudio.sys]

Service HDAudBus [C:\windows\system32\drivers\HDAudBus.sys]

Service HidBatt [C:\windows\system32\DRIVERS\HidBatt.sys]

Service HidBth [C:\windows\system32\DRIVERS\hidbth.sys]

Service HidIr [C:\windows\system32\DRIVERS\hidir.sys]

Service hidserv [C:\windows\system32\hidserv.dll]

Service HidUsb [C:\windows\system32\DRIVERS\hidusb.sys]

Service hkmsvc [C:\windows\system32\kmsvc.dll]

Service HomeGroupListener [C:\windows\system32\ListSvc.dll]

Service HomeGroupProvider [C:\windows\system32\provsvc.dll]

Service HpSAMD [C:\windows\system32\drivers\HpSAMD.sys]

Service HTTP [C:\windows\system32\drivers\HTTP.sys]

Service hwpolicy [C:\windows\System32\drivers\hwpolicy.sys]

Service i8042prt [C:\windows\system32\drivers\i8042prt.sys]

Service iaStor [C:\windows\system32\DRIVERS\iaStor.sys]

Service iaStorV [C:\windows\system32\drivers\iaStorV.sys]

Service idsvc [C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe]

Service igfx [C:\windows\system32\DRIVERS\igdkmd64.sys]

Service iirsp [C:\windows\system32\DRIVERS\iirsp.sys]

Service IKEEXT [C:\windows\System32\ikeext.dll]

Service Impcd [C:\windows\system32\DRIVERS\Impcd.sys]

Service inetaccs [???]

Service IntcAzAudAddService [C:\windows\system32\drivers\RTKVHD64.sys]

Service intelide [C:\windows\system32\drivers\intelide.sys]

Service intelppm [C:\windows\system32\DRIVERS\intelppm.sys]

Service IPBusEnum [C:\windows\system32\ipbusenum.dll]

Service IpFilterDriver [C:\windows\system32\DRIVERS\ipfltdrv.sys]

Service IPMIDRV [C:\windows\system32\drivers\IPMIDrv.sys]

Service IPNAT [C:\windows\System32\drivers\ipnat.sys]

Service IRENUM [C:\windows\system32\drivers\irenum.sys]

Service isapnp [C:\windows\system32\drivers\isapnp.sys]

Service iScsiPrt [C:\windows\system32\drivers\msiscsi.sys]

Service kbdclass [C:\windows\system32\DRIVERS\kbdclass.sys]

Service kbdhid [C:\windows\system32\DRIVERS\kbdhid.sys]

Service KeyIso [C:\windows\system32\lsass.exe]

Service KSecDD [C:\windows\System32\Drivers\ksecdd.sys]

Service KSecPkg [C:\windows\System32\Drivers\ksecpkg.sys]

Service ksthunk [C:\windows\system32\drivers\ksthunk.sys]

Service KtmRm [C:\windows\system32\msdtckrm.dll]

Service LanmanServer [C:\windows\system32\srvsvc.dll]

Service LanmanWorkstation [C:\windows\System32\wkssvc.dll]

Service ldap [???]

Service lltdio [C:\windows\system32\DRIVERS\lltdio.sys]

Service lltdsvc [C:\windows\System32\lltdsvc.dll]

Service lmhosts [C:\windows\System32\lmhsvc.dll]

Service Lsa [???]

Service LSI_FC [C:\windows\system32\DRIVERS\lsi_fc.sys]

Service LSI_SAS [C:\windows\system32\DRIVERS\lsi_sas.sys]

Service LSI_SAS2 [C:\windows\system32\DRIVERS\lsi_sas2.sys]

Service LSI_SCSI [C:\windows\system32\DRIVERS\lsi_scsi.sys]

Service luafv [C:\windows\system32\drivers\luafv.sys]

Service lxduCATSCustConnectService [C:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe]

Service lxdu_device [C:\windows\system32\lxducoms.exe]

Service MBAMProtector [C:\windows\system32\drivers\mbam.sys]

Service MBAMScheduler [C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe]

Service MBAMService [C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe]

Service Mcx2Svc [C:\windows\system32\Mcx2Svc.dll]

Service megasas [C:\windows\system32\DRIVERS\megasas.sys]

Service MegaSR [C:\windows\system32\DRIVERS\MegaSR.sys]

Service MMCSS [C:\windows\system32\mmcss.dll]

Service Modem [C:\windows\system32\drivers\modem.sys]

Service monitor [C:\windows\system32\DRIVERS\monitor.sys]

Service mouclass [C:\windows\system32\DRIVERS\mouclass.sys]

Service mouhid [C:\windows\system32\DRIVERS\mouhid.sys]

Service mountmgr [C:\windows\System32\drivers\mountmgr.sys]

Service mpio [C:\windows\system32\drivers\mpio.sys]

Service mpsdrv [C:\windows\System32\drivers\mpsdrv.sys]

Service MpsSvc [C:\windows\system32\mpssvc.dll]

Service MQAC [C:\windows\system32\drivers\mqac.sys]

Service MRxDAV [C:\windows\system32\drivers\mrxdav.sys]

Service mrxsmb [C:\windows\system32\DRIVERS\mrxsmb.sys]

Service mrxsmb10 [C:\windows\system32\DRIVERS\mrxsmb10.sys]

Service mrxsmb20 [C:\windows\system32\DRIVERS\mrxsmb20.sys]

Service msahci [C:\windows\system32\drivers\msahci.sys]

Service msdsm [C:\windows\system32\drivers\msdsm.sys]

Service MSDTC [C:\windows\System32\msdtc.exe]

Service MSDTC Bridge 3.0.0.0 [???]

Service MSDTC Bridge 4.0.0.0 [???]

Service Msfs [C:\windows\System32\Drivers\Msfs.sys]

Service mshidkmdf [C:\windows\System32\drivers\mshidkmdf.sys]

Service msisadrv [C:\windows\system32\drivers\msisadrv.sys]

Service MSiSCSI [C:\windows\system32\iscsiexe.dll]

Service msiserver [C:\windows\system32\msiexec.exe]

Service MSKSSRV [C:\windows\system32\drivers\MSKSSRV.sys]

Service MSMQ [C:\windows\system32\mqsvc.exe]

Service MSPCLOCK [C:\windows\system32\drivers\MSPCLOCK.sys]

Service MSPQM [C:\windows\system32\drivers\MSPQM.sys]

Service MsRPC [C:\windows\System32\Drivers\MsRPC.sys]

Service MSSCNTRS [???]

Service mssmbios [C:\windows\system32\drivers\mssmbios.sys]

Service MSTEE [C:\windows\system32\drivers\MSTEE.sys]

Service MTConfig [C:\windows\system32\DRIVERS\MTConfig.sys]

Service Mup [C:\windows\System32\Drivers\mup.sys]

Service napagent [C:\windows\system32\qagentRT.dll]

Service NativeWifiP [C:\windows\system32\DRIVERS\nwifi.sys]

Service NDIS [C:\windows\system32\drivers\ndis.sys]

Service NdisCap [C:\windows\system32\DRIVERS\ndiscap.sys]

Service NdisTapi [C:\windows\system32\DRIVERS\ndistapi.sys]

Service Ndisuio [C:\windows\system32\DRIVERS\ndisuio.sys]

Service NdisWan [C:\windows\system32\DRIVERS\ndiswan.sys]

Service NDProxy [C:\windows\System32\Drivers\NDProxy.sys]

Service NetBIOS [C:\windows\system32\DRIVERS\netbios.sys]

Service NetBT [C:\windows\System32\DRIVERS\netbt.sys]

Service netflowanalyzer [C:\PROGRA~2\MANAGE~1\NetFlow\bin\wrapper.exe]

Service Netlogon [C:\windows\system32\lsass.exe]

Service Netman [C:\windows\System32\netman.dll]

Service NetMsmqActivator [C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe]

Service NetPipeActivator [C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe]

Service netprofm [C:\windows\System32\netprofm.dll]

Service NetTcpActivator [C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe]

Service NetTcpPortSharing [C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe]

Service nfrd960 [C:\windows\system32\DRIVERS\nfrd960.sys]

Service NlaSvc [C:\windows\System32\nlasvc.dll]

Service Npfs [C:\windows\System32\Drivers\Npfs.sys]

Service nsi [C:\windows\system32\nsisvc.dll]

Service nsiproxy [C:\windows\system32\drivers\nsiproxy.sys]

Service NTDS [???]

Service Ntfs [C:\windows\System32\Drivers\Ntfs.sys]

Service Null [C:\windows\System32\Drivers\Null.sys]

Service NVHDA [C:\windows\system32\drivers\nvhda64v.sys]

Service nvlddmkm [C:\windows\system32\DRIVERS\nvlddmkm.sys]

Service nvraid [C:\windows\system32\drivers\nvraid.sys]

Service nvstor [C:\windows\system32\drivers\nvstor.sys]

Service nvsvc [C:\windows\system32\nvvsvc.exe]

Service nvUpdatusService [C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe]

Service nv_agp [C:\windows\system32\drivers\nv_agp.sys]

Service ohci1394 [C:\windows\system32\drivers\ohci1394.sys]

Service p2pimsvc [C:\windows\system32\pnrpsvc.dll]

Service p2psvc [C:\windows\system32\p2psvc.dll]

Service Parport [C:\windows\system32\DRIVERS\parport.sys]

Service partmgr [C:\windows\System32\drivers\partmgr.sys]

Service PcaSvc [C:\windows\System32\pcasvc.dll]

Service pci [C:\windows\system32\drivers\pci.sys]

Service pciide [C:\windows\system32\drivers\pciide.sys]

Service pcmcia [C:\windows\system32\DRIVERS\pcmcia.sys]

Service pcw [C:\windows\System32\drivers\pcw.sys]

Service PEAUTH [C:\windows\system32\drivers\peauth.sys]

Service PerfDisk [???]

Service PerfHost [C:\windows\SysWow64\perfhost.exe]

Service PerfNet [???]

Service PerfOS [???]

Service PerfProc [???]

Service pla [C:\windows\system32\pla.dll]

Service PlugPlay [C:\windows\system32\umpnpmgr.dll]

Service PnkBstrA [C:\windows\system32\PnkBstrA.exe]

Service PNRPAutoReg [C:\windows\system32\pnrpauto.dll]

Service PNRPsvc [C:\windows\system32\pnrpsvc.dll]

Service PolicyAgent [C:\windows\System32\ipsecsvc.dll]

Service PortProxy [???]

Service Power [C:\windows\system32\umpo.dll]

Service PptpMiniport [C:\windows\system32\DRIVERS\raspptp.sys]

Service Processor [C:\windows\system32\DRIVERS\processr.sys]

Service ProfSvc [C:\windows\system32\profsvc.dll]

Service ProtectedStorage [C:\windows\system32\lsass.exe]

Service Psched [C:\windows\system32\DRIVERS\pacer.sys]

Service ql2300 [C:\windows\system32\DRIVERS\ql2300.sys]

Service ql40xx [C:\windows\system32\DRIVERS\ql40xx.sys]

Service QWAVE [C:\windows\system32\qwave.dll]

Service QWAVEdrv [C:\windows\system32\drivers\qwavedrv.sys]

Service RasAcd [C:\windows\System32\DRIVERS\rasacd.sys]

Service RasAgileVpn [C:\windows\system32\DRIVERS\AgileVpn.sys]

Service RasAuto [C:\windows\System32\rasauto.dll]

Service Rasl2tp [C:\windows\system32\DRIVERS\rasl2tp.sys]

Service RasMan [C:\windows\System32\rasmans.dll]

Service RasPppoe [C:\windows\system32\DRIVERS\raspppoe.sys]

Service RasSstp [C:\windows\system32\DRIVERS\rassstp.sys]

Service rdbss [C:\windows\system32\DRIVERS\rdbss.sys]

Service rdpbus [C:\windows\system32\DRIVERS\rdpbus.sys]

Service RDPCDD [C:\windows\System32\DRIVERS\RDPCDD.sys]

Service RDPDD [???]

Service RDPENCDD [C:\windows\system32\drivers\rdpencdd.sys]

Service RDPNP [???]

Service RDPREFMP [C:\windows\system32\drivers\rdprefmp.sys]

Service RDPUDD [???]

Service RdpVideoMiniport [C:\windows\System32\drivers\rdpvideominiport.sys]

Service RDPWD [C:\windows\System32\Drivers\RDPWD.sys]

Service rdyboost [C:\windows\System32\drivers\rdyboost.sys]

Service RemoteAccess [C:\windows\System32\mprdim.dll]

Service RemoteRegistry [C:\windows\system32\regsvc.dll]

Service Rezip [C:\windows\SysWOW64\Rezip.exe]

Service RFCOMM [C:\windows\system32\DRIVERS\rfcomm.sys]

Service RpcEptMapper [C:\windows\System32\RpcEpMap.dll]

Service RpcLocator [C:\windows\system32\locator.exe]

Service RpcSs [C:\windows\system32\rpcss.dll]

Service rspndr [C:\windows\system32\DRIVERS\rspndr.sys]

Service RTL8167 [C:\windows\system32\DRIVERS\Rt64win7.sys]

Service rtl819xpn64 [C:\windows\system32\DRIVERS\rtl819xp.sys]

Service SABI [C:\windows\system32\Drivers\SABI.sys]

Service SamSs [C:\windows\system32\lsass.exe]

Service SASDIFSV [C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS]

Service SASKUTIL [C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS]

Service sbp2port [C:\windows\system32\drivers\sbp2port.sys]

Service SCardSvr [C:\windows\System32\SCardSvr.dll]

Service scfilter [C:\windows\System32\DRIVERS\scfilter.sys]

Service Schedule [C:\windows\system32\schedsvc.dll]

Service SCPolicySvc [C:\windows\System32\certprop.dll]

Service SDRSVC [C:\windows\System32\SDRSVC.dll]

Service secdrv [C:\windows\System32\Drivers\secdrv.sys]

Service seclogon [C:\windows\system32\seclogon.dll]

Service SENS [C:\windows\System32\sens.dll]

Service SensrSvc [C:\windows\system32\sensrsvc.dll]

Service Serenum [C:\windows\system32\DRIVERS\serenum.sys]

Service Serial [C:\windows\system32\DRIVERS\serial.sys]

Service sermouse [C:\windows\system32\DRIVERS\sermouse.sys]

Service ServiceModelEndpoint 3.0.0.0 [???]

Service ServiceModelOperation 3.0.0.0 [???]

Service ServiceModelService 3.0.0.0 [???]

Service SessionEnv [C:\windows\system32\sessenv.dll]

Service sffdisk [C:\windows\system32\drivers\sffdisk.sys]

Service sffp_mmc [C:\windows\system32\drivers\sffp_mmc.sys]

Service sffp_sd [C:\windows\system32\drivers\sffp_sd.sys]

Service sfloppy [C:\windows\system32\DRIVERS\sfloppy.sys]

Service SharedAccess [???]

Service ShellHWDetection [C:\windows\System32\shsvcs.dll]

Service SiSRaid2 [C:\windows\system32\DRIVERS\SiSRaid2.sys]

Service SiSRaid4 [C:\windows\system32\DRIVERS\sisraid4.sys]

Service SkypeUpdate [C:\Program Files (x86)\Skype\Updater\Updater.exe]

Service Smb [C:\windows\system32\DRIVERS\smb.sys]

Service SMSvcHost 3.0.0.0 [???]

Service SMSvcHost 4.0.0.0 [???]

Service SNMPTRAP [C:\windows\System32\snmptrap.exe]

Service SolarWinds Information Service [???]

Service SolarWinds Information Service v3 [???]

Service Solarwinds: Job Broker [???]

Service Solarwinds: Job Engine [???]

Service Solarwinds: Job Scheduler [???]

Service spldr [C:\windows\System32\Drivers\spldr.sys]

Service Spooler [C:\windows\System32\spoolsv.exe]

Service sppsvc [C:\windows\system32\sppsvc.exe]

Service sppuinotify [C:\windows\system32\sppuinotify.dll]

Service srv [C:\windows\System32\DRIVERS\srv.sys]

Service srv2 [C:\windows\System32\DRIVERS\srv2.sys]

Service srvnet [C:\windows\System32\DRIVERS\srvnet.sys]

Service SSDPSRV [C:\windows\System32\ssdpsrv.dll]

Service SstpSvc [C:\windows\system32\sstpsvc.dll]

Service Steam Client Service [C:\Program Files (x86)\Common Files\Steam\SteamService.exe]

Service stexstor [C:\windows\system32\DRIVERS\stexstor.sys]

Service stisvc [C:\windows\System32\wiaservc.dll]

Service swenum [C:\windows\system32\drivers\swenum.sys]

Service swprv [C:\windows\System32\swprv.dll]

Service SynTP [C:\windows\system32\DRIVERS\SynTP.sys]

Service SysMain [C:\windows\system32\sysmain.dll]

Service TabletInputService [C:\windows\System32\TabSvc.dll]

Service tap0901t [C:\windows\system32\DRIVERS\tap0901t.sys]

Service TapiSrv [C:\windows\System32\tapisrv.dll]

Service TBS [C:\windows\System32\tbssvc.dll]

Service Tcpip [C:\windows\System32\drivers\tcpip.sys]

Service TCPIP6 [C:\windows\system32\DRIVERS\tcpip.sys]

Service TCPIP6TUNNEL [???]

Service tcpipreg [C:\windows\System32\drivers\tcpipreg.sys]

Service TCPIPTUNNEL [???]

Service TDPIPE [C:\windows\system32\drivers\tdpipe.sys]

Service TDTCP [C:\windows\system32\drivers\tdtcp.sys]

Service tdx [C:\windows\system32\DRIVERS\tdx.sys]

Service TermDD [C:\windows\system32\drivers\termdd.sys]

Service TermService [C:\windows\System32\termsrv.dll]

Service Themes [C:\windows\system32\themeservice.dll]

Service THREADORDER [C:\windows\system32\mmcss.dll]

Service TrkWks [C:\windows\System32\trkwks.dll]

Service TrustedInstaller [C:\windows\servicing\TrustedInstaller.exe]

Service TSDDD [???]

Service tssecsrv [C:\windows\System32\DRIVERS\tssecsrv.sys]

Service TsUsbFlt [C:\windows\system32\drivers\tsusbflt.sys]

Service tunnel [C:\windows\system32\DRIVERS\tunnel.sys]

Service TunngleService [C:\Program Files (x86)\Tunngle\TnglCtrl.exe]

Service uagp35 [C:\windows\system32\DRIVERS\uagp35.sys]

Service udfs [C:\windows\system32\DRIVERS\udfs.sys]

Service UGatherer [???]

Service UGTHRSVC [???]

Service UI0Detect [C:\windows\system32\UI0Detect.exe]

Service uliagpkx [C:\windows\system32\drivers\uliagpkx.sys]

Service umbus [C:\windows\system32\drivers\umbus.sys]

Service UmPass [C:\windows\system32\DRIVERS\umpass.sys]

Service upnphost [C:\windows\System32\upnphost.dll]

Service usbccgp [C:\windows\system32\DRIVERS\usbccgp.sys]

Service usbcir [C:\windows\system32\drivers\usbcir.sys]

Service usbehci [C:\windows\system32\drivers\usbehci.sys]

Service usbhub [C:\windows\system32\DRIVERS\usbhub.sys]

Service usbohci [C:\windows\system32\drivers\usbohci.sys]

Service usbprint [C:\windows\system32\DRIVERS\usbprint.sys]

Service usbscan [C:\windows\system32\DRIVERS\usbscan.sys]

Service USBSTOR [C:\windows\system32\DRIVERS\USBSTOR.SYS]

Service usbuhci [C:\windows\system32\drivers\usbuhci.sys]

Service usbvideo [C:\windows\System32\Drivers\usbvideo.sys]

Service UxSms [C:\windows\System32\uxsms.dll]

Service VaultSvc [C:\windows\system32\lsass.exe]

Service VClone [C:\windows\system32\DRIVERS\VClone.sys]

Service vdrvroot [C:\windows\system32\drivers\vdrvroot.sys]

Service vds [C:\windows\System32\vds.exe]

Service vga [C:\windows\system32\DRIVERS\vgapnp.sys]

Service VgaSave [C:\windows\System32\drivers\vga.sys]

Service vhdmp [C:\windows\system32\drivers\vhdmp.sys]

Service viaide [C:\windows\system32\drivers\viaide.sys]

Service volmgr [C:\windows\system32\drivers\volmgr.sys]

Service volmgrx [C:\windows\System32\drivers\volmgrx.sys]

Service volsnap [C:\windows\system32\drivers\volsnap.sys]

Service vsmraid [C:\windows\system32\DRIVERS\vsmraid.sys]

Service VSS [C:\windows\system32\vssvc.exe]

Service vwifibus [C:\windows\system32\DRIVERS\vwifibus.sys]

Service vwififlt [C:\windows\system32\DRIVERS\vwififlt.sys]

Service W32Time [C:\windows\system32\w32time.dll]

Service W3SVC [???]

Service WacomPen [C:\windows\system32\DRIVERS\wacompen.sys]

Service WANARP [C:\windows\system32\DRIVERS\wanarp.sys]

Service Wanarpv6 [C:\windows\system32\DRIVERS\wanarp.sys]

Service WatAdminSvc [C:\windows\system32\Wat\WatAdminSvc.exe]

Service wbengine [C:\windows\system32\wbengine.exe]

Service WbioSrvc [C:\windows\System32\wbiosrvc.dll]

Service wcncsvc [C:\windows\System32\wcncsvc.dll]

Service WcsPlugInService [C:\windows\System32\WcsPlugInService.dll]

Service Wd [C:\windows\system32\DRIVERS\wd.sys]

Service Wdf01000 [C:\windows\system32\drivers\Wdf01000.sys]

Service WdiServiceHost [C:\windows\system32\wdi.dll]

Service WdiSystemHost [C:\windows\system32\wdi.dll]

Service WebClient [C:\windows\System32\webclnt.dll]

Service Wecsvc [C:\windows\system32\wecsvc.dll]

Service wercplsupport [C:\windows\System32\wercplsupport.dll]

Service WerSvc [C:\windows\System32\WerSvc.dll]

Service WfpLwf [C:\windows\system32\DRIVERS\wfplwf.sys]

Service WIMMount [C:\windows\system32\drivers\wimmount.sys]

Service WinDefend [C:\Program Files]

Service Windows Workflow Foundation 3.0.0.0 [???]

Service Windows Workflow Foundation 4.0.0.0 [???]

Service WinHttpAutoProxySvc [C:\windows\system32\winhttp.dll]

Service Winmgmt [C:\windows\system32\wbem\WMIsvc.dll]

Service WinRM [C:\windows\system32\WsmSvc.dll]

Service Winsock [C:\windows\System32\Drivers\Winsock.sys]

Service WinSock2 [???]

Service Wlansvc [C:\windows\System32\wlansvc.dll]

Service wlidsvc [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE]

Service WmiAcpi [C:\windows\system32\drivers\wmiacpi.sys]

Service WmiApRpl [???]

Service wmiApSrv [C:\windows\system32\wbem\WmiApSrv.exe]

Service WMPNetworkSvc [C:\Program Files]

Service WPCSvc [C:\windows\System32\wpcsvc.dll]

Service WPDBusEnum [C:\windows\system32\wpdbusenum.dll]

Service ws2ifsl [C:\windows\system32\drivers\ws2ifsl.sys]

Service wscsvc [C:\windows\System32\wscsvc.dll]

Service WSearch [C:\windows\system32\SearchIndexer.exe]

Service WSearchIdxPi [???]

Service WudfPf [C:\windows\system32\drivers\WudfPf.sys]

Service WUDFRd [C:\windows\system32\DRIVERS\WUDFRd.sys]

Service wudfsvc [C:\windows\System32\WUDFSvc.dll]

Service WwanSvc [C:\windows\System32\wwansvc.dll]

Service xmlprov [???]

Service yukonw7 [C:\windows\system32\DRIVERS\yk62x64.sys]

Service {09441B81-8082-4E74-8FE2-1349496457C2} [???]

Service {0B68EF17-ACAA-465A-ABF2-3EEFE42D4825} [???]

Service {0DC333F3-1236-48A7-A746-7ECE86A5344C} [???]

Service {3306564E-47B4-4B4E-A014-1B0FCFDB3390} [???]

Service {3D3748EF-7D7F-414B-8F84-FAF18F822F03} [???]

Service {6A27DD85-AD4F-4EFC-80BB-9DEAE61E7087} [???]

Service {90560AD8-0A7E-4C9B-9535-47FBFCCCC306} [???]

Service {AE054D71-7663-4DC9-9C61-46E0D42679BF} [???]

Scan finished: Wednesday, January 02, 2013 8:19:59 AM

Hidden files found: 0

Hidden registry items found: 0

Hidden processes found: 0

Hidden services found: 0

Hidden boot sectors found: 0

----------


Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right click and select Run as administrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


Alright, those are completed. It honestly feels like something is still in it though. Explorer.exe was frozen upon startup. I let it sit for about 10 minutes on a black screen before I ctrl/alt/esc'd and killed it with the task manager. Once I restarted it manually it came up after a minute or so. Applications aren't opening in a timely manner either. You open them and it sits at like 113kb of memory for a couple minutes before opening. Don't know if this is part of what I had before or what, but Mbam is no longer sending alerts informing me of blocked .exe's every minute or two. Performing another scan to be safe.

MBAR LOG

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.02.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Inochi :: AMBIENCE [administrator]

1/2/2013 7:08:23 PM

mbar-log-2013-01-02 (19-08-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 28601

Time elapsed: 1 hour(s), 9 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Windows\Installer\{1c2d35eb-1faf-8338-6b0a-547ddef21fe7}\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 1

C:\Windows\System32\services.exe (Rootkit.0Access) -> Delete on reboot.

(end)

SYSTEM LOG

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.261000 GHz

Memory total: 4141469696, free: 2623381504

------------ Kernel report ------------

01/02/2013 17:56:52

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswrdr2.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\rtl819xp.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\yk62x64.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\tap0901t.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\VClone.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\oleaut32.dll

\Windows\System32\difxapi.dll

\Windows\System32\usp10.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800459e060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa80042cf050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2013.01.02.10

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800459e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800459eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800459e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80042cf050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a015090220, 0xfffffa800459e060, 0xfffffa80071fb530

Lower DeviceData: 0xfffff8a00526f970, 0xfffffa80042cf050, 0xfffffa80070fce40

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EFF70B78

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 31459328 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 31664128 Numsec = 945104896

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Infected: C:\Windows\System32\services.exe --> [Rootkit.0Access]

Backup file found for a file C:\Windows\System32\services.exe

Infected: C:\Windows\Installer\{1c2d35eb-1faf-8338-6b0a-547ddef21fe7}\U --> [backdoor.0Access]

Done!

Scan finished

Creating System Restore point...

Could not create restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

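The "Inspecting partition table" section of the MBAR system log above (MBR Signature, Disk Signature, then type, active flag, start LBA and Numsec for each of the four entries) is what a rootkit scanner reads out of the first 512-byte sector of the disk before it checks the unpartitioned space for hidden code. As an added example, not code from this thread or from Malwarebytes, the Python below builds a sample MBR from constructed partition entries carrying the same values the log reports, parses it the way the log describes, and runs the consistency checks a defender would want on such a table: the 55AA signature is present, at most one entry is flagged active, no entry overlaps another or runs past the end of the disk, and every unpartitioned gap is listed. The function names (`build_sample_mbr`, `parse_mbr`, `check_partition_table`, `unpartitioned_ranges`, `describe`) are my own; the disk size used is the 500107862016 bytes the log reports.

```python
import struct

SECTOR_SIZE = 512
# Type-byte labels as the MBAR log prints them; anything else is reported as "Other".
PARTITION_TYPES = {0x00: "Empty", 0x07: "Primary", 0x27: "Other"}
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr():
    """Constructed sample MBR: same disk signature and partition entries as the log."""
    entries = [  # (boot flag, type, start LBA, number of sectors)
        (0x00, 0x27, 2048, 31457280),
        (0x80, 0x07, 31459328, 204800),      # the single active, bootable entry
        (0x00, 0x07, 31664128, 945104896),
        (0x00, 0x00, 0, 0),                  # empty slot
    ]
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, 0x1B8, 0xEFF70B78)  # disk signature from the log
    for i, (boot, ptype, lba, nsec) in enumerate(entries):
        # CHS fields stay zero: the checks below use the LBA fields only
        struct.pack_into(ENTRY_FMT, mbr, 0x1BE + 16 * i, boot, b"\0\0\0", ptype, b"\0\0\0", lba, nsec)
    mbr[0x1FE:0x200] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the signature, disk signature and four partition entries of one sector."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    disk_sig = struct.unpack_from("<I", mbr, 0x1B8)[0]
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, nsec = struct.unpack_from(ENTRY_FMT, mbr, 0x1BE + 16 * i)
        parts.append({"index": i, "active": boot == 0x80, "type": ptype,
                      "start_lba": lba, "num_sectors": nsec})
    return {"mbr_signature": mbr[0x1FE:0x200].hex().upper(),
            "disk_signature": f"{disk_sig:08X}", "partitions": parts}


def _in_use(table):
    return sorted((p for p in table["partitions"] if p["type"] != 0x00), key=lambda p: p["start_lba"])


def check_partition_table(table, disk_size_bytes):
    """Return a list of findings; an empty list means the table is internally consistent."""
    findings = []
    if table["mbr_signature"] != "55AA":
        findings.append("MBR signature is not 55AA")
    total = disk_size_bytes // SECTOR_SIZE
    used = _in_use(table)
    if sum(p["active"] for p in used) > 1:
        findings.append("more than one partition is flagged active")
    for p in used:
        end = p["start_lba"] + p["num_sectors"]
        if end > total:
            findings.append(f"partition {p['index']} extends past the end of the disk ({end} > {total})")
    for a, b in zip(used, used[1:]):
        if a["start_lba"] + a["num_sectors"] > b["start_lba"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def unpartitioned_ranges(table, disk_size_bytes):
    """Inclusive sector ranges covered by no partition entry (sector 0 holds the MBR itself)."""
    total = disk_size_bytes // SECTOR_SIZE
    ranges, cursor = [], 1
    for p in _in_use(table):
        if p["start_lba"] > cursor:
            ranges.append((cursor, p["start_lba"] - 1))
        cursor = max(cursor, p["start_lba"] + p["num_sectors"])
    if cursor < total:
        ranges.append((cursor, total - 1))
    return ranges


def describe(table):
    """Render the table in the same wording as the MBAR log section."""
    lines = [f"MBR Signature: {table['mbr_signature']}", f"Disk Signature: {table['disk_signature']}"]
    for p in table["partitions"]:
        lines.append(f"Partition {p['index']} type is {PARTITION_TYPES.get(p['type'], 'Other')} (0x{p['type']:X})")
        lines.append("Partition is ACTIVE." if p["active"] else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p['start_lba']} Numsec = {p['num_sectors']}")
    return lines


if __name__ == "__main__":
    DISK_SIZE = 500107862016  # bytes, as reported in the log
    table = parse_mbr(build_sample_mbr())
    print("\n".join(describe(table)))
    print("Unpartitioned:", unpartitioned_ranges(table, DISK_SIZE))
    print("Findings:", check_partition_table(table, DISK_SIZE) or "none")
```

The leading gap this computes (sectors 1 to 2047) is the first range the log scans; the trailing range the log shows (976753168-976773168) is the tool's own scan window near the end of the disk and is not derivable from the table alone, whereas the gap computed here runs from the end of partition 2 to the last sector.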

This was the missing Mbam log from this morning. It's not showing the 2 Sirefef infections because it was unable to do anything with them. Ran Mbar, and it detected nothing. Running another Mbam to try and get a screenie of it. From what the log looks like it's going after my Mbam.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.02.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Inochi :: AMBIENCE [administrator]

Protection: Enabled

1/2/2013 10:05:23 PM

mbam-log-2013-01-02 (22-05-23).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 377243

Time elapsed: 5 hour(s), 5 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_kernel.mbam (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\services.exe_user.mbam (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


We still have some work to do.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
