ellabo Posted January 16, 2013 ID:635189

Hello Charlie,

I used to be a big fan and I haven't had many problems since I learnt from your logs (~10y ago).

Just now, while trying to download the dds, chrome didn't let me, then I downloaded it from chrome and ran it and Windows 7 told me PVC.* had stopped, then I got my 2 logs in notepad++.

My internet has been extremely slow and my browsers have been (not responding) waaaay more than normal since a month ago when I downloaded a torrent and dbl clicked on an exe file that was supposed to setup the codec (I know I'm an idiot).

Here are the logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2011 10:26:48 AM
System Uptime: 1/8/2013 4:48:13 PM (174 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 177.871 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.139 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\VPC2004\0
Manufacturer:
Name:
PNP Device ID: ACPI\VPC2004\0
Service:
.
==== System Restore Points ===================
.
RP136: 12/14/2012 3:00:14 AM - Windows Update
RP137: 12/14/2012 5:21:19 PM - Restore Operation
RP138: 12/15/2012 5:19:22 PM - Windows Update
RP139: 12/16/2012 2:05:34 AM - Removed Autologon from USA.NET 01/29/2010.
RP140: 1/10/2013 1:58:27 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Autologon from USA.NET 01/29/2010
BitLord 2.1
Commandos 2: Men of Courage
Commandos Strike Force
CutePDF Writer 2.7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.3
FileZilla Server
Google Chrome
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 5.3.0.977
GTK+ Runtime 2.14.7 rev a (remove only)
HUD
Intel® Graphics Media Accelerator Driver
IntelliJ IDEA 9.0.1
iRise® Reader v8.8.1.0 (Build:34598)
J2SE Runtime Environment 5.0 Update 11
Java 7 Update 9
Java Auto Updater
Java 6 Update 24
Java SE Development Kit 6
Java SE Runtime Environment 6
JavaFX 2.1.1
Juniper Networks Setup Client Activex Control
Kaspersky Anti-Virus 6.0 for Windows Workstations
Lenovo_Wireless_Driver
LinkPoint for Salesforce
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office Office Subscription (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus Subscription 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Generic Drivers
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.5
MySQL Tools for 5.0
Notepad++
OpenOffice.org 3.4.1
Pidgin
QlikView
Realtek Ethernet Controller Driver For Windows Vista and Later
Salesforce Outlook Edition 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Toolbars
Skype™ 6.0
SnagIt 8
Software Version Updater
Spybot - Search & Destroy
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VaudiX
Verizon Wireless MiFi-2200 Firmware Updates
VLC media player 1.0.5
WinRAR 4.20 (32-bit)
WinSCP 5.1.1
Yontoo Layers Runtime 1.10.01
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.9.2
Run by Matias Lavista at 22:33:59 on 2013-01-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3895.1657 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\Premium\VaudiX\VaudiX.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\explorer.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Matias Lavista\AppData\Roaming\LinkPoint360\Bin\LinkPointAssist.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Vaudix Class: {4C7EFD27-261A-A7A1-852F-416904A85640} - C:\ProgramData\Vaudix\50cd03a0464c7.ocx
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
mRun: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\Users\MATIAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\3474C44533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\8455053343 : DHCPNameServer = 151.197.0.38 151.203.0.84
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\F5967457563747 : DHCPNameServer = 204.124.196.118 204.124.196.119
TCP: Interfaces\{EB5711B4-4335-405D-A346-59FDB92BCDD1} : DHCPNameServer = 192.168.43.129
TCP: Interfaces\{F237DD5D-20AD-48E6-9BCA-1E7C727F07C6} : DHCPNameServer = 10.8.128.30
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\vaudix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matias Lavista\AppData\Roaming\Mozilla\Firefox\Profiles\epq5ncuw.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL -
FF - prefs.js: browser.startup.homepage -
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-17 10:22; 50cd03a046335@50cd03a04636f.com; C:\Users\Matias Lavista\AppData\Roaming\Mozilla\Firefox\Profiles\epq5ncuw.default\extensions\50cd03a046335@50cd03a04636f.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 osubsvc;Microsoft Office 2010 Subscription Agent;C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe [2011-11-16 493384]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-31 1153368]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\System32\drivers\klfltdev.sys [2009-9-3 30736]
S2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-9-22 315736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2009-12-18 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2009-12-18 213376]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-1 239616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-10 07:01:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 07:01:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 07:04:32 328192 ----a-w- C:\Windows\System32\services.exe
2012-12-10 15:56:47 60304 ----a-w- C:\Users\Matias Lavista\g2mdlhlpx.exe
2012-11-28 05:08:16 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-11-22 08:20:36 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-05 16:25:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 14:17:16 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 14:03:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 14:03:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 22:35:12.44 ===============
MrCharlie Posted January 16, 2013 ID:635196

Welcome to the forum and thanks for posting over here.
The forum software is so messed up over there that it's ridiculous.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.
http://tigzy.geeksto...ueKillerX64.exe <------use this one

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Please stick with me until I give you the "all clear".
------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)
ellabo Posted January 17, 2013 Author ID:635383

Here are the logs for RogueKiller. After posting the initial dds I ran your Malwarebytes Anti-Malware and cleaned some trojans (after a quick scan). I have added the log of the quick scan and fixes below.

RogueKiller V8.4.3 _x64_ [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Matias Lavista [Admin rights]
Mode : Scan -- Date : 01/16/2013 20:52:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] VaudiXUpdaterTask{027D5710-2CC0-4AC7-B858-CCEB157C498A}.job : C:\ProgramData\Premium\VaudiX\VaudiX.exe /schedule /profilepath "C:\ProgramData\Premium\VaudiX\profile.ini" -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS545032B9A300 ATA Device +++++
--- User ---
[MBR] 152bce06c118cbe1a41459499fa01671
[BSP] e0edb1201e09ce86fbd6867b0009f5d0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 260343 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01162013_02d2052.txt >>
RKreport[1]_S_01162013_02d2052.txt

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.16.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Matias Lavista :: MLAVISTA [administrator]

1/16/2013 1:01:41 PM
mbam-log-2013-01-16 (13-01-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236197
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Users\Matias Lavista\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\DirectDownloaderInstaller.exe (Adware.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\downloaderDDLR.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\downloaderOFFER0.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\downloaderOFFER1.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\downloaderOFFER2.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\downloaderSTUB.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\preinstaller.exe (Trojan.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\pricepeep.exe (Adware.Shopper) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\stub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\AppData\Local\Temp\f1dc5ab2e4da80e30b91e5151d8cd109\updater.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\Downloads\CATCH_22_-_Joseph_Heller._Read_by_Wolfram_Kandinsky.exe (Adware.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\Downloads\Intellij-idea-ultimate-edition-9_0_1_exe.exe (Adware.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\Downloads\openoffice setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\Matias Lavista\Local Settings\Temporary Internet Files\Content.IE5\OF28C15Z\50cd03a05ca36[1].exe (PUP.FakePlug) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

(end)
ellabo Posted January 17, 2013 Author ID:635387

Here are new dds and attach after the cleansing of the Malwarebytes mentioned above.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.9.2
Run by Matias Lavista at 21:02:31 on 2013-01-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3895.1870 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osaui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mstart.exe
C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\977\g2mlauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matias Lavista\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Matias Lavista\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: Vaudix Class: {4C7EFD27-261A-A7A1-852F-416904A85640} - C:\ProgramData\Vaudix\50cd03a0464c7.ocx
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
mRun: [OfficeSubscriptionAgent] "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\osaui.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\Users\MATIAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun_KL_notset = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\3474C44533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\8455053343 : DHCPNameServer = 151.197.0.38 151.203.0.84
TCP: Interfaces\{715E275A-E9E5-4156-90F2-9A7473D9C54E}\F5967457563747 : DHCPNameServer = 204.124.196.118 204.124.196.119
TCP: Interfaces\{EB5711B4-4335-405D-A346-59FDB92BCDD1} : DHCPNameServer = 192.168.43.129
TCP: Interfaces\{F237DD5D-20AD-48E6-9BCA-1E7C727F07C6} : DHCPNameServer = 10.8.128.30
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~2\kasper~1\kasper~1.0fo\adialhk.dll c:\progra~2\vaudix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matias Lavista\AppData\Roaming\Mozilla\Firefox\Profiles\epq5ncuw.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - 
FF - prefs.js: browser.startup.homepage - 
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matias Lavista\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-17 10:22; 50cd03a046335@50cd03a04636f.com; C:\Users\Matias Lavista\AppData\Roaming\Mozilla\Firefox\Profiles\epq5ncuw.default\extensions\50cd03a046335@50cd03a04636f.com
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R2 AVP;Kaspersky Anti-Virus 6.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-9-22 315736]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 osubsvc;Microsoft Office 2010 Subscription Agent;C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\osa.exe [2011-11-16 493384]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\System32\drivers\klfltdev.sys [2009-9-3 30736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-31 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2009-12-18 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2009-12-18 213376]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-1 239616]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-9 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-01-16 18:01:06 -------- d-----w- C:\Users\Matias Lavista\AppData\Roaming\Malwarebytes
2013-01-16 18:00:34 -------- d-----w- C:\Users\Matias Lavista\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-01-10 07:01:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 07:01:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 07:04:32 328192 ----a-w- C:\Windows\System32\services.exe
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 15:56:47 60304 ----a-w- C:\Users\Matias Lavista\g2mdlhlpx.exe
2012-11-28 05:08:16 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-11-22 08:20:36 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-05 16:25:51 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-05 14:17:16 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-05 14:03:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-05 14:03:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 21:03:17.23 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2011 10:26:48 AM
System Uptime: 1/16/2013 1:53:58 PM (8 hours ago)
.
Motherboard: LENOVO | | Base Board Product Name
Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU | 2400/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 254 GiB total, 177.608 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.139 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\VPC2004\0
Manufacturer:
Name:
PNP Device ID: ACPI\VPC2004\0
Service:
.
==== System Restore Points ===================
.
RP137: 12/14/2012 5:21:19 PM - Restore Operation
RP138: 12/15/2012 5:19:22 PM - Windows Update
RP139: 12/16/2012 2:05:34 AM - Removed Autologon from USA.NET 01/29/2010.
RP140: 1/10/2013 1:58:27 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Autologon from USA.NET 01/29/2010
BitLord 2.1
Commandos 2: Men of Courage
Commandos Strike Force
CutePDF Writer 2.7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.3
FileZilla Server
Google Chrome
Google Talk (remove only)
Google Talk Plugin
GoToMeeting 5.3.0.977
GTK+ Runtime 2.14.7 rev a (remove only)
HUD
Intel® Graphics Media Accelerator Driver
IntelliJ IDEA 9.0.1
iRise® Reader v8.8.1.0 (Build:34598)
J2SE Runtime Environment 5.0 Update 11
Java 7 Update 9
Java Auto Updater
Java 6 Update 24
Java SE Development Kit 6
Java SE Runtime Environment 6
JavaFX 2.1.1
Juniper Networks Setup Client Activex Control
Kaspersky Anti-Virus 6.0 for Windows Workstations
Lenovo_Wireless_Driver
LinkPoint for Salesforce
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office Office Subscription (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus Subscription 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Online Services Sign-in Assistant
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Generic Drivers
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.5
MySQL Tools for 5.0
Notepad++
OpenOffice.org 3.4.1
Pidgin
QlikView
Realtek Ethernet Controller Driver For Windows Vista and Later
Salesforce Outlook Edition 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Toolbars
Skype™ 6.0
SnagIt 8
Software Version Updater
Spybot - Search & Destroy
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VaudiX
Verizon Wireless MiFi-2200 Firmware Updates
VLC media player 1.0.5
WinRAR 4.20 (32-bit)
WinSCP 5.1.1
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
1/16/2013 1:56:12 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
1/16/2013 1:56:12 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
1/16/2013 1:54:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/16/2013 1:54:29 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
1/16/2013 1:54:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/16/2013 1:54:25 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================
MrCharlie Posted January 17, 2013 ID:635396

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.
If you decide to go through with the cleanup, please proceed with the following steps.
-----------------------------------------
Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.
~~~~~~~~~~~~~~~~~~~~~~~
Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

MrC
ellabo Posted January 18, 2013 Author ID:635897

Hi Charlie, the mbar didn't find any malware, I see the files you are referring to ZeroAccess, could I clean it with RogueKiller?

Here are the logs

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.18.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Matias Lavista :: MLAVISTA [administrator]

1/17/2013 11:34:15 PM
mbar-log-2013-01-17 (23-34-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29761
Time elapsed: 13 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_24
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4084047872, free: 1185636352

------------ Kernel report ------------
     01/17/2013 00:27:37
------------ Loaded modules
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004ed7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8004ebc060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004bcb060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800493a680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.17.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004bcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004bcbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004bcb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800493a680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00d6d6100, 0xfffffa8004bcb060, 0xfffffa8004219090
Lower DeviceData: 0xfffff8a00b5ab7f0, 0xfffffa800493a680, 0xfffffa80043001e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BBEECFF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 533182464

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 533389312  Numsec = 60809216

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 594198528  Numsec = 30943920

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8004ed7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004ebcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004ed7790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ebc060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} --> [PUP.Software.Updater]
Infected: c:\Users\Matias Lavista\AppData\Local\SwvUpdater\Updater.exe --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\CLASSES\Updater.AmiUpd --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd --> [PUP.Software.Updater]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 --> [PUP.Software.Updater]
Infected: c:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll --> [backdoor.Bot.Sat]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32} --> [backdoor.Bot.Sat]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\@ --> [backdoor.0Access]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\L\00000004.@ --> [backdoor.0Access]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\00000004.@ --> [backdoor.0Access]
Infected: c:\windows\installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\u\80000000.@ --> [backdoor.0Access]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\80000064.@ --> [backdoor.0Access]
Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\L --> [backdoor.0Access]
Infected: c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U --> [backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful.
System shutdown needed.System shutdown occurred=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7600 Windows 7 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4084047872, free: 2828079104Removal queue found; removal startedRemoving c:\Users\Matias Lavista\AppData\Local\SwvUpdater\Updater.exe...Removing c:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\@...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\L\00000004.@...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\00000004.@...Removing c:\windows\installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\u\80000000.@...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U\80000064.@...Removing c:\Windows\assembly\GAC_64\Desktop.ini...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\L...Removing c:\Windows\Installer\{e64409d8-d901-5c90-4107-a2860ecb0be5}\U...Removal finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7600 Windows 7 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4084047872, free: 2691035136---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7600 Windows 7 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory 
total: 4084047872, free: 2709630976------------ Kernel report ------------ 01/17/2013 01:13:44------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\DRIVERS\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\vmstorfl.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\klif.sys\Syste
mRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\klfltdev.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sy
s\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\NWADIenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\HdAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemR
oot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8005657790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000079\Lower Device Object: 0xfffffa8004f00760Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTORInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bee060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\Lower Device Object: 0xfffffa8004953060Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)Load Function returned 0x0Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004beeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004953060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xfffff8a00512c150, 0xfffffa8004bee060, 0xfffffa8004c1f090Lower DeviceData: 0xfffff8a00513b550, 0xfffffa8004953060, 0xfffffa80043c6e40<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 
bytesScanning directory: C:\Windows\system32\drivers...Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 2BBEECFFPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 533182464 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 533389312 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 594198528 Numsec = 30943920Disk Size: 320072933376 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...Physical Sector Size: 0Drive: 1, DevicePointer: 0xfffffa8005657790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800585ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005657790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004f00760, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\------------ End ----------Done!Performing system, memory and registry scan...Done!Scan finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7600 Windows 7 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4084047872, free: 2732077056=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1016© Malwarebytes Corporation 2011-2012OS version: 6.1.7600 Windows 7 x64Account is AdministrativeInternet Explorer version: 
9.0.8112.16421Java version: 1.6.0_24File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 4084047872, free: 2986283008------------ Kernel report ------------ 01/17/2013 23:19:54------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\DRIVERS\ACPI.sys\SystemRoot\system32\DRIVERS\WMILIB.SYS\SystemRoot\system32\DRIVERS\msisadrv.sys\SystemRoot\system32\DRIVERS\pci.sys\SystemRoot\system32\DRIVERS\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\DRIVERS\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\atapi.sys\SystemRoot\system32\DRIVERS\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\system32\DRIVERS\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\vmstorfl.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS
\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\klfltdev.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\athrx.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\Impcd.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\Compos
iteBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\NWADIenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\HdAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\WUDFRd
.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\ATMFD.DLL\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xfffffa8006047060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000084\Lower Device Object: 0xfffffa8005995b70Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTORInitialization returned 0x0Load Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004bcc060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\Lower Device Object: 0xfffffa80049341f0Lower Device Driver Name: \Driver\atapi\Driver name found: atapiInitialization returned 0x0Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)Load Function returned 0x0Downloaded database version: v2013.01.17.03Downloaded database version: v2013.01.17.04Downloaded database version: v2013.01.17.05Downloaded database version: v2013.01.17.06Downloaded database version: v2013.01.17.07Downloaded database version: v2013.01.17.08Downloaded database version: v2013.01.17.09Downloaded database version: v2013.01.18.01Downloaded database version: v2013.01.18.02Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004bcc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004bccb90, 
DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004bcc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80049341f0, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xfffff8a00d9151c0, 0xfffffa8004bcc060, 0xfffffa8004017330Lower DeviceData: 0xfffff8a00ba64590, 0xfffffa80049341f0, 0xfffffa8003ccfc90<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 2BBEECFFPartition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 533182464 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 533389312 Numsec = 60809216 Partition 3 type is Other (0x12) Partition is NOT ACTIVE. Partition starts at LBA: 594198528 Numsec = 30943920Disk Size: 320072933376 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...Physical Sector Size: 0Drive: 3, DevicePointer: 0xfffffa8006047060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8005994850, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006047060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005995b70, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\------------ End ----------Done!Performing system, memory and registry scan...Done!Scan finished======================================= Link to post Share on other sites More sharing options...
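The MBAR log above prints two record shapes worth pairing up when you triage it: `Infected: <artifact> --> [<family>]` from the scan pass and `Removing <path>...` from the removal pass after the reboot. The script below is an added example written for this thread, not MBAR's own code and not part of the original post. It parses both record types, groups findings by the family label MBAR assigned, separates registry artifacts from file paths, and lists any flagged file that never shows up in a `Removing` line. The embedded `SAMPLE_LOG` is a constructed excerpt in the log's format: the user name is replaced, one removal path is deliberately lower-cased the way the real log mixes `c:\Windows\Installer` and `c:\windows\installer`, and the `U\80000064.@` detection has no matching removal so the reconciliation has something to report.

```python
"""Triage an MBAR-style log: group detections by family and pair each flagged
file with its removal record.

Added example for this forum thread; not MBAR's own code.  The record shapes
("Infected: <artifact> --> [<family>]" and "Removing <path>...") are taken from
the log posted above.  SAMPLE_LOG is a constructed excerpt in that shape.
"""
import re
from collections import defaultdict

# Constructed sample (user name replaced; one removal line deliberately omitted,
# one removal path deliberately lower-cased, as the real log does).
SAMPLE_LOG = """\
Performing system, memory and registry scan...
Infected: HKLM\\SOFTWARE\\WOW6432NODE\\CLASSES\\CLSID\\{67BD9EEB-AA06-4329-A940-D250019300C9} --> [PUP.Software.Updater]
Infected: c:\\Users\\User\\AppData\\Local\\SwvUpdater\\Updater.exe --> [PUP.Software.Updater]
Infected: c:\\ProgramData\\Microsoft\\Media Tools\\MediaIconsOverlays.dll --> [backdoor.Bot.Sat]
Infected: HKLM\\SOFTWARE\\WOW6432NODE\\CLASSES\\CLSID\\{1EC23CFF-4C58-458f-924C-8519AEF61B32} --> [backdoor.Bot.Sat]
Infected: c:\\Windows\\Installer\\{e64409d8-d901-5c90-4107-a2860ecb0be5}\\@ --> [backdoor.0Access]
Infected: c:\\Windows\\Installer\\{e64409d8-d901-5c90-4107-a2860ecb0be5}\\U\\80000064.@ --> [backdoor.0Access]
Infected: c:\\Windows\\assembly\\GAC_64\\Desktop.ini --> [Rootkit.0access]
Done!
Scan finished
Removal queue found; removal started
Removing c:\\Users\\User\\AppData\\Local\\SwvUpdater\\Updater.exe...
Removing c:\\ProgramData\\Microsoft\\Media Tools\\MediaIconsOverlays.dll...
Removing c:\\windows\\installer\\{e64409d8-d901-5c90-4107-a2860ecb0be5}\\@...
Removing c:\\Windows\\assembly\\GAC_64\\Desktop.ini...
Removal finished
"""

INFECTED_RE = re.compile(r"^Infected:\s+(?P<artifact>.+?)\s+-->\s+\[(?P<family>[^\]]+)\]\s*$")
REMOVING_RE = re.compile(r"^Removing\s+(?P<path>.+?)\.\.\.\s*$")
REGISTRY_HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKEY_")


def parse_detections(text):
    """Return [(artifact, family), ...] for every 'Infected:' record, in log order."""
    found = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found.append((m.group("artifact"), m.group("family")))
    return found


def parse_removals(text):
    """Return the paths named in 'Removing <path>...' records, in log order."""
    matches = (REMOVING_RE.match(line.strip()) for line in text.splitlines())
    return [m.group("path") for m in matches if m]


def artifact_kind(artifact):
    """'registry' for hive-rooted keys/values, 'file' for everything else."""
    return "registry" if artifact.upper().startswith(REGISTRY_HIVES) else "file"


def _norm(path):
    # Windows paths are case-insensitive, and the posted log itself mixes
    # c:\Windows\Installer with c:\windows\installer, so compare case-folded.
    return path.replace("/", "\\").rstrip("\\").lower()


def triage(text):
    """Group detections by family; list flagged files that no removal record names.

    Only file artifacts are reconciled: in the log above the removal pass names
    file paths only, so a registry item's absence there says nothing about it.
    """
    detections = parse_detections(text)
    removed = {_norm(p) for p in parse_removals(text)}
    families = defaultdict(lambda: {"registry": [], "file": []})
    for artifact, family in detections:
        families[family][artifact_kind(artifact)].append(artifact)
    unremoved = [a for a, _ in detections
                 if artifact_kind(a) == "file" and _norm(a) not in removed]
    return {"families": dict(families), "removed": sorted(removed), "unremoved_files": unremoved}


def report(text):
    """Summary lines for a human reader; returned rather than printed so they can be checked."""
    result = triage(text)
    lines = [f"{family}: {len(k['file'])} file(s), {len(k['registry'])} registry item(s)"
             for family, k in sorted(result["families"].items())]
    lines += [f"NOT REMOVED: {path}" for path in result["unremoved_files"]]
    if not result["unremoved_files"]:
        lines.append("all flagged files appear in the removal log")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log in this thread rather than the sample, the ten flagged file paths all have a matching `Removing` line, so the script would report none unremoved; the eleven registry entries (the CLSID, TypeLib, Interface, ProgID and Uninstall keys) are what is left to verify by hand after the reboot.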
MrCharlie Posted January 18, 2013 ID:636004

MBAR FOUND the malware... look at the logs!!

Next............

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.
Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix
Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.
Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
Maurice Naggar Posted January 23, 2013 ID:638262

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!