Jump to content

recurring virus issue


Recommended Posts

Hello, I'm having an issue with completely ridding my computer of a trojan. I have tried removal with MBAM and it is gone for a while but comes back. I also have issues with an svchost.exe process (of which there are about 14 running). A random svchost.exe process eats up all my bandwidth and kills everyone elses internet use in the house. The details of the svchost.exe is "C:\Windows\syswow64\svchost.exe -k netsvcs". Here are my logs from DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.7.2

Run by David at 20:34:30 on 2013-04-13

#Option Extended Search is enabled.

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.4899 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\David\Downloads\ProcessExplorer\procexp.exe

C:\Users\David\AppData\Local\Temp\procexp64.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\syswow64\svchost.exe -k netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -

EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E} : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\2627F6D6C65697 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\37567616C6 : DHCPNameServer = 216.146.240.11 216.146.240.15 192.168.37.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\94056435027457563747 : DHCPNameServer = 10.100.0.189 10.100.0.10

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\B496D6265627 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\C696E6B6379737 : DHCPNameServer = 97.64.209.36 97.64.168.13

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\D45495542535 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{FF444613-C8D0-4DB4-B90E-4ACCAFD38C9E}\E4564774561627 : DHCPNameServer = 10.0.0.1

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

x64-DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} - hxxps://72.22.223.12:60443/XTunnel64.cab

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\31uue3i1.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-9-22 30056]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-4-24 210784]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]

R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-6-23 174680]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2011-1-14 132624]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-9-22 876136]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]

R3 SSLDrv;Virtual Passage SSLDrv Adapter;C:\Windows\System32\drivers\SSLDrv.sys [2010-4-30 21576]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [2012-10-19 21504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-22 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 60 ================

.

2013-04-13 20:10:24 -------- d-----w- C:\Users\David\AppData\Roaming\Wireshark

2013-04-13 20:00:44 -------- d-----w- C:\Program Files (x86)\WinPcap

2013-04-13 20:00:08 -------- d-----w- C:\Program Files\Wireshark

2013-04-13 19:34:10 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\18AC.tmp

2013-04-13 19:34:10 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\18AB.tmp

2013-04-13 18:25:09 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38E3C2EC-E617-438A-8421-7990020C2177}\mpengine.dll

2013-04-12 17:48:46 208216 ----a-w- C:\Windows\System32\drivers\25534636.sys

2013-04-12 15:24:02 -------- d-----w- C:\Windows\pss

2013-04-12 14:09:39 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-10 04:29:09 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-10 04:29:09 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-10 04:29:08 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-10 04:29:08 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-10 04:29:08 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-10 04:29:08 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-10 04:29:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 04:29:02 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 04:23:57 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 04:23:56 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 04:23:55 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 04:23:55 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 04:23:55 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 04:23:55 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-09 15:43:17 -------- d-----w- C:\Users\David\AppData\Roaming\Curse Advertising

2013-03-24 06:33:58 -------- d-----w- C:\Users\David\AppData\Local\7-Zip

2013-03-21 23:54:16 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{61A0177C-9EB8-4F8D-AB5B-09658C808B52}\gapaengine.dll

2013-03-20 20:32:04 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-15 22:42:11 -------- d-----w- C:\Users\David\AppData\Local\Logitech

2013-03-15 22:40:47 -------- d-----w- C:\Program Files\Logitech Gaming Software

2013-03-15 22:39:44 -------- d-----w- C:\Users\David\AppData\Roaming\Logishrd

2013-03-15 02:45:38 82192 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.TestTools.UITest.Extension.IE64.EventHelper.dll

2013-03-15 02:45:38 82168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.TestTools.UITest.Extension.IE.EventHelper.dll

2013-03-15 02:45:38 482536 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.TestTools.UITest.Playback.Engine.dll

2013-03-15 02:45:38 143120 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.TestTools.UITest.Extension.IE64.Communication.dll

2013-03-15 02:45:38 119552 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VSTT\10.0\Microsoft.VisualStudio.TestTools.UITest.Extension.IE.Communication.dll

2013-03-10 20:50:34 -------- d-----w- C:\oqueue

2013-03-08 01:26:04 -------- d-----w- C:\eQuote v3.0.9

2013-03-08 00:52:40 -------- d-----w- C:\SQL_CATALOG

2013-03-01 04:04:07 -------- d-----w- C:\MobileNewspaperDemo3

2013-03-01 04:01:50 -------- d-----w- C:\Storage

2013-03-01 01:57:19 -------- d-----w- C:\MobileWebDemoJQuery

2013-02-27 19:20:40 -------- d-----w- C:\MobileNewspaperDemo

2013-02-18 15:50:42 -------- d-----w- C:\Users\David\AppData\Roaming\Telerik

2013-02-17 23:02:36 -------- d-----w- C:\ProgramData\Microsoft Team Foundation Local Workspaces

2013-02-13 14:20:11 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 14:20:10 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 14:20:10 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 14:20:10 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 14:20:10 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 14:20:10 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 14:20:05 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 14:20:05 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find6M ====================

.

2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

============= FINISH: 20:35:50.52 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/22/2012 2:43:15 PM

System Uptime: 4/13/2013 4:47:03 PM (4 hours ago)

.

Motherboard: CLEVO CO. | | W150HRM

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | SOCKET 0 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 265.037 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP99: 3/21/2013 6:37:00 PM - Windows Update

RP100: 3/25/2013 12:46:23 AM - Windows Update

RP101: 3/28/2013 6:52:31 PM - Windows Update

RP102: 4/1/2013 7:25:17 PM - Windows Update

RP103: 4/5/2013 9:50:30 AM - Windows Update

RP104: 4/9/2013 10:51:47 AM - Windows Update

RP105: 4/10/2013 8:22:33 AM - Windows Update

RP106: 4/13/2013 1:24:36 PM - Windows Update

.

==== Installed Programs ======================

.

Tools for .Net 3.5

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Android SDK Tools

AV Voice Changer Software DIAMOND 7.0

Blend for Visual Studio 2012

Blend for Visual Studio 2012 ENU resources

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix XenApp Web Plugin

Crystal Reports for Visual Studio

Curse Client

Dota 2

Dotfuscator and Analytics Community Edition

Dotfuscator Software Services - Community Edition

Entity Framework Designer for Visual Studio 2012 - enu

Fiddler

Fiddler Syntax-Highlighting Addons

GDR 1617 for SQL Server 2008 R2 (KB2494088) (64-bit)

Guild Wars 2

Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)

Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2813041)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2565057)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2736182)

Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2813041)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)

Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)

IIS 8.0 Express

IIS Express Application Compatibility Database for x64

IIS Express Application Compatibility Database for x86

Intel® Processor Graphics

Java 7 Update 7

Java 7 Update 7 (64-bit)

Java Auto Updater

Java SE Development Kit 7 Update 7 (64-bit)

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

LocalESPC

LocalESPCui for en-us

Logitech Gaming Software

Logitech Gaming Software 8.40

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update

Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

Microsoft ASP.NET MVC 4 Runtime

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools

Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Help Viewer 1.1

Microsoft Help Viewer 2.0

Microsoft LightSwitch for Visual Studio 2012 Core

Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

Microsoft NuGet - Visual Studio 2012

Microsoft Office 2003 Web Components

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 2012

Microsoft Report Viewer Redistributable 2008 (KB971119)

Microsoft Report Viewer Redistributable 2008 SP1

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SQL Server 2008 (64-bit)

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Books Online

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Management Objects (x64)

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 Policies

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server 2012 Command Line Utilities

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Express LocalDB

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Management Objects (x64)

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 T-SQL Language Service

Microsoft SQL Server 2012 Transact-SQL Compiler Service

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Compact 4.0 SP1 x64 ENU

Microsoft SQL Server Data Tools - enu (11.1.20627.00)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft SQL Server VSS Writer

Microsoft Sync Framework Runtime v1.0 SP1 (x64)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x64)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual C++ Compilers 2010 Standard - enu - x64

Microsoft Visual C++ Compilers 2010 Standard - enu - x86

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727

Microsoft Visual C++ 2012 Compilers

Microsoft Visual C++ 2012 Compilers - ENU Resources

Microsoft Visual C++ 2012 Core Libraries

Microsoft Visual C++ 2012 Extended Libraries

Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2008 Shell (integrated mode) - ENU

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

Microsoft Visual Studio 2010 Office Developer Tools (x64)

Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 SharePoint Developer Tools

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio 2010 Ultimate - ENU

Microsoft Visual Studio 2012 Devenv

Microsoft Visual Studio 2012 Devenv Resources

Microsoft Visual Studio 2012 IntelliTrace Core amd64

Microsoft Visual Studio 2012 IntelliTrace Core x86

Microsoft Visual Studio 2012 IntelliTrace Front End x86

Microsoft Visual Studio 2012 Performance Collection Tools

Microsoft Visual Studio 2012 Performance Collection Tools - ENU

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 SharePoint Developer Tools

Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

Microsoft Visual Studio Premium 2012

Microsoft Visual Studio Premium 2012 - ENU

Microsoft Visual Studio Professional 2012

Microsoft Visual Studio Professional 2012 - ENU

Microsoft Visual Studio Team Foundation Server 2012 Object Model

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Storyboarding

Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Ultimate 2012

Microsoft Visual Studio Ultimate 2012 - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Web Deploy 2.0

Microsoft Web Deploy 3.0

Microsoft Web Deploy dbSqlPackage Provider - enu

Microsoft Web Developer Tools - Visual Studio 2012

Microsoft Web Platform Installer 4.0

MorphVOX Junior

Mount & Blade: Warband

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Neverwinter Nights 2: Platinum

Nexuiz

Notepad++

NuGet

NVIDIA Control Panel 306.23

NVIDIA Graphics Driver 306.23

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

Path of Exile

PreEmptive Analytics Visual Studio Components

Prerequisites for SSDT

Realtek High Definition Audio Driver

REALTEK Wireless LAN Driver

Red Faction: Guerrilla

Renesas Electronics USB 3.0 Host Controller Driver

Saints Row: The Third

Security Update for Microsoft .NET Framework 4.5 (KB2729460)

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)

Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)

SQL Server 2008 R2 Analysis Services

SQL Server 2008 R2 BI Development Studio

SQL Server 2008 R2 Client Tools

SQL Server 2008 R2 Common Files

SQL Server 2008 R2 Database Engine Services

SQL Server 2008 R2 Database Engine Shared

SQL Server 2008 R2 Full text search

SQL Server 2008 R2 Integration Services

SQL Server 2008 R2 Management Studio

SQL Server 2008 R2 Reporting Services

Sql Server Customer Experience Improvement Program

Steam

Synaptics Pointing Device Driver

The Elder Scrolls V: Skyrim

Thief 2

Torchlight II

Update for Microsoft Visual Studio 2012 (KB2781514)

Ventrilo Client for Windows x64

Visual Studio 2010 Prerequisites - English

Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Visual Studio 2012 Prerequisites

Visual Studio 2012 Prerequisites - ENU Language Pack

Visual Studio Extensions for Windows Library for JavaScript

WCF Data Services 5.0 (for OData v3) Primary Components

WCF Data Services Tools for Microsoft Visual Studio 2012

WCF RIA Services V1.0 SP2

Web Deployment Tool

Web Standards Update for Visual Studio 2010 SP1

Windows App Certification Kit Native Components

Windows App Certification Kit x64

Windows Runtime Intellisense Content - en-us

Windows Software Development Kit

Windows Software Development Kit DirectX x64 Remote

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

WinPcap 4.1.2

Wireshark 1.8.6 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

4/13/2013 6:33:14 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

4/13/2013 4:39:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

4/13/2013 4:14:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/13/2013 4:14:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

4/13/2013 3:12:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/13/2013 3:12:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/13/2013 3:12:18 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 21

4/13/2013 3:12:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/13/2013 3:12:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/13/2013 3:12:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

4/13/2013 2:53:26 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

4/13/2013 2:53:19 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/13/2013 2:34:14 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

4/11/2013 3:43:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/11/2013 3:43:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/11/2013 3:43:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/11/2013 3:43:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Link to post
Share on other sites

  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to the disclaimer.

[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there

[*]Press Scan button.

[*]type exit and reboot the computer normally

[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Link to post
Share on other sites

Hello CatByte, thanks for taking the time to help me. Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013

Ran by SYSTEM at 13-04-2013 21:17:29

Running from F:\

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-26] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7406392 2012-11-28] (Logitech Inc.)

HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKU\David\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1631144 2013-03-29] (Valve Corporation)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

AppInit_DLLs: C:\Windows\system32\nvinitx.dll

Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) ===================

3 fussvc; "C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe" [139776 2012-07-25] (Microsoft Corporation)

2 MsDepSvc; "C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [67400 2011-04-01] (Microsoft Corporation)

2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22056 2013-01-27] (Microsoft Corporation)

2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)

2 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2175328 2011-04-23] (Microsoft Corporation)

3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)

3 Te.Service; "C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe" [126976 2012-07-25] (Microsoft Corporation)

2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER [x]

2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config" [x]

3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)

3 SSLDrv; C:\Windows\System32\Drivers\SSLDrv.sys [21576 2010-04-30] (Cavium Networks)

3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

1 eopygxbs; \??\C:\Windows\system32\drivers\eopygxbs.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-13 21:17 - 2013-04-13 21:17 - 00000000 ____D C:\FRST

2013-04-13 18:00 - 2013-04-13 18:00 - 00001908 ____A C:\Windows\diagwrn.xml

2013-04-13 18:00 - 2013-04-13 18:00 - 00001908 ____A C:\Windows\diagerr.xml

2013-04-13 17:56 - 2013-04-13 17:56 - 01466775 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe

2013-04-13 17:35 - 2013-04-13 17:40 - 00020232 ____A C:\Users\David\Desktop\attach.txt

2013-04-13 17:35 - 2013-04-13 17:35 - 00019882 ____A C:\Users\David\Desktop\dds.txt

2013-04-13 17:32 - 2013-04-13 17:32 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com

2013-04-13 15:58 - 2013-04-13 15:58 - 00000000 ____D C:\Users\David\Downloads\a90-750022_v5_02_00_04_js-tar

2013-04-13 15:49 - 2013-04-13 15:56 - 68920433 ____A C:\Users\David\Downloads\a90-750022_v5_02_00_04_js-tar.bz2

2013-04-13 15:36 - 2013-04-13 15:36 - 00000000 ____D C:\Users\David\Desktop\TOOLS

2013-04-13 15:28 - 2013-04-13 15:28 - 00000000 ____D C:\Users\David\Downloads\ProcessExplorer

2013-04-13 15:28 - 2013-04-13 15:28 - 00000000 ____D C:\Users\David\Downloads\Network_Meter

2013-04-13 15:26 - 2013-04-13 15:26 - 00337108 ____A C:\Users\David\Downloads\Network_Meter.zip

2013-04-13 15:23 - 2013-04-13 15:23 - 01160893 ____A C:\Users\David\Downloads\ProcessExplorer.zip

2013-04-13 12:10 - 2013-04-13 12:10 - 00000000 ____D C:\Users\David\AppData\Roaming\Wireshark

2013-04-13 12:00 - 2013-04-13 12:00 - 00000000 ____D C:\Program Files\Wireshark

2013-04-13 12:00 - 2013-04-13 12:00 - 00000000 ____D C:\Program Files (x86)\WinPcap

2013-04-13 11:55 - 2013-04-13 11:59 - 26847472 ____A (Wireshark development team) C:\Users\David\Downloads\Wireshark-win64-1.8.6.exe

2013-04-12 09:48 - 2013-04-12 09:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\25534636.sys

2013-04-12 09:44 - 2013-04-12 09:44 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe

2013-04-12 07:24 - 2013-04-13 13:41 - 00000000 ____D C:\Windows\pss

2013-04-10 05:23 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-10 05:23 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-10 05:23 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-10 05:23 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-10 05:23 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-10 05:23 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-10 05:23 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-10 05:23 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-10 05:23 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-10 05:23 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-10 05:23 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-10 05:23 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-10 05:23 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-10 05:23 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-10 05:23 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-10 05:23 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-10 05:23 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-10 05:23 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-10 05:23 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-10 05:23 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-10 05:23 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-10 05:23 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-10 05:23 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-10 05:23 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-10 05:23 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-10 05:23 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-10 05:23 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-10 05:23 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-10 05:23 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-10 05:23 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-10 05:23 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-10 05:23 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-09 20:29 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-09 20:29 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-09 20:29 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-09 20:29 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-09 20:29 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-09 20:29 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-09 20:29 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-09 20:29 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-09 20:23 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-09 20:23 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-09 20:23 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-09 20:23 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-09 20:23 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-09 20:23 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-09 11:15 - 2013-04-09 11:15 - 00000000 ____D C:\Users\David\Downloads\ElvUI

2013-04-09 11:13 - 2013-04-09 11:13 - 02246732 ____A C:\Users\David\Downloads\elvui-5.95.zip

2013-04-09 11:10 - 2013-04-09 11:11 - 00000000 ____D C:\Users\David\Downloads\old

2013-04-09 07:43 - 2013-04-10 06:01 - 00000000 ____D C:\Users\David\AppData\Roaming\Curse Advertising

2013-04-08 18:46 - 2013-04-08 18:46 - 00000000 ____A C:\ProgramData\08o56QE.dat

2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe_.b

2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe.b

2013-04-08 18:45 - 2013-02-12 14:54 - 00000318 ____A C:\Users\David\Desktop\Curse Client.appref-ms

2013-03-31 12:58 - 2013-03-31 12:58 - 00010409 ____A C:\Users\David\Downloads\carhartl-jquery-cookie-v1.3.1-0-gfd724ca.zip

2013-03-31 12:58 - 2013-03-31 12:58 - 00000000 ____D C:\Users\David\Downloads\carhartl-jquery-cookie-fedc4cb

2013-03-29 11:59 - 2013-03-29 11:59 - 00406389 ____A C:\Users\David\Downloads\Neverwinter_Nights_Launcher_1.11.zip

2013-03-29 10:12 - 2013-03-29 10:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-03-23 22:33 - 2013-03-25 15:49 - 00000000 ____D C:\Users\David\AppData\Local\7-Zip

2013-03-20 12:32 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-16 09:22 - 2013-04-05 20:18 - 00000000 ____D C:\Program Files (x86)\Warcraft III

2013-03-15 14:42 - 2013-03-15 14:42 - 00000000 ____D C:\Users\David\AppData\Roaming\Leadertech

2013-03-15 14:42 - 2013-03-15 14:42 - 00000000 ____D C:\Users\David\AppData\Local\Logitech

2013-03-15 14:41 - 2013-03-15 14:41 - 00000000 ____D C:\ProgramData\LogiShrd

2013-03-15 14:40 - 2013-03-15 14:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software

2013-03-15 14:39 - 2013-03-15 14:39 - 00000000 ____D C:\Users\David\AppData\Roaming\Logitech

2013-03-15 14:39 - 2013-03-15 14:39 - 00000000 ____D C:\Users\David\AppData\Roaming\Logishrd

2013-03-15 14:23 - 2013-03-15 14:39 - 62673992 ____A (Logitech Inc.) C:\Users\David\Downloads\lgs840_x64.exe

2013-03-14 15:47 - 2013-04-12 13:57 - 00002046 ___AH C:\Users\David\Documents\Default.rdp

2013-03-14 00:00 - 2013-03-14 00:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-14 00:00 - 2013-03-14 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

2013-04-13 18:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-13 18:11 - 2009-07-13 20:51 - 00000723 ____A C:\Windows\setupact.log

2013-04-13 18:04 - 2012-09-22 13:38 - 01203624 ____A C:\Windows\WindowsUpdate.log

2013-04-13 18:00 - 2013-04-13 18:00 - 00001908 ____A C:\Windows\diagwrn.xml

2013-04-13 18:00 - 2013-04-13 18:00 - 00001908 ____A C:\Windows\diagerr.xml

2013-04-13 18:00 - 2009-07-13 20:51 - 00000000 ____A C:\Windows\setuperr.log

2013-04-13 17:58 - 2009-07-13 21:13 - 01128962 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-13 17:56 - 2013-04-13 17:56 - 01466775 ____A (Farbar) C:\Users\David\Downloads\FRST64.exe

2013-04-13 17:40 - 2013-04-13 17:35 - 00020232 ____A C:\Users\David\Desktop\attach.txt

2013-04-13 17:35 - 2013-04-13 17:35 - 00019882 ____A C:\Users\David\Desktop\dds.txt

2013-04-13 17:32 - 2013-04-13 17:32 - 00688992 ____R (Swearware) C:\Users\David\Desktop\dds.com

2013-04-13 15:58 - 2013-04-13 15:58 - 00000000 ____D C:\Users\David\Downloads\a90-750022_v5_02_00_04_js-tar

2013-04-13 15:56 - 2013-04-13 15:49 - 68920433 ____A C:\Users\David\Downloads\a90-750022_v5_02_00_04_js-tar.bz2

2013-04-13 15:37 - 2013-02-12 14:51 - 00000000 ____D C:\Users\David\AppData\Local\Deployment

2013-04-13 15:37 - 2012-09-22 12:50 - 00000000 ____D C:\Users\David\Desktop\Work Stuff

2013-04-13 15:36 - 2013-04-13 15:36 - 00000000 ____D C:\Users\David\Desktop\TOOLS

2013-04-13 15:28 - 2013-04-13 15:28 - 00000000 ____D C:\Users\David\Downloads\ProcessExplorer

2013-04-13 15:28 - 2013-04-13 15:28 - 00000000 ____D C:\Users\David\Downloads\Network_Meter

2013-04-13 15:26 - 2013-04-13 15:26 - 00337108 ____A C:\Users\David\Downloads\Network_Meter.zip

2013-04-13 15:23 - 2013-04-13 15:23 - 01160893 ____A C:\Users\David\Downloads\ProcessExplorer.zip

2013-04-13 13:47 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-13 13:47 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-13 13:42 - 2012-10-13 18:31 - 00000000 ____D C:\Program Files (x86)\Steam

2013-04-13 13:41 - 2013-04-12 07:24 - 00000000 ____D C:\Windows\pss

2013-04-13 13:38 - 2010-11-20 19:47 - 00427822 ____A C:\Windows\PFRO.log

2013-04-13 12:15 - 2013-01-07 10:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-13 12:10 - 2013-04-13 12:10 - 00000000 ____D C:\Users\David\AppData\Roaming\Wireshark

2013-04-13 12:00 - 2013-04-13 12:00 - 00000000 ____D C:\Program Files\Wireshark

2013-04-13 12:00 - 2013-04-13 12:00 - 00000000 ____D C:\Program Files (x86)\WinPcap

2013-04-13 11:59 - 2013-04-13 11:55 - 26847472 ____A (Wireshark development team) C:\Users\David\Downloads\Wireshark-win64-1.8.6.exe

2013-04-13 11:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep

2013-04-12 13:57 - 2013-03-14 15:47 - 00002046 ___AH C:\Users\David\Documents\Default.rdp

2013-04-12 09:48 - 2013-04-12 09:48 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\25534636.sys

2013-04-12 09:44 - 2013-04-12 09:44 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\David\Downloads\tdsskiller.exe

2013-04-11 12:42 - 2012-09-27 07:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-11 08:30 - 2012-09-27 07:23 - 00000000 ____D C:\Users\David\AppData\Local\Mozilla

2013-04-10 06:01 - 2013-04-09 07:43 - 00000000 ____D C:\Users\David\AppData\Roaming\Curse Advertising

2013-04-10 05:58 - 2009-07-13 20:45 - 00268912 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-10 05:24 - 2012-09-22 14:24 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-04-09 13:12 - 2013-02-09 06:19 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2013-04-09 11:15 - 2013-04-09 11:15 - 00000000 ____D C:\Users\David\Downloads\ElvUI

2013-04-09 11:13 - 2013-04-09 11:13 - 02246732 ____A C:\Users\David\Downloads\elvui-5.95.zip

2013-04-09 11:11 - 2013-04-09 11:10 - 00000000 ____D C:\Users\David\Downloads\old

2013-04-08 18:46 - 2013-04-08 18:46 - 00000000 ____A C:\ProgramData\08o56QE.dat

2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe_.b

2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe.b

2013-04-05 20:18 - 2013-03-16 09:22 - 00000000 ____D C:\Program Files (x86)\Warcraft III

2013-04-04 16:53 - 2012-10-29 13:34 - 00000000 ____D C:\Users\David\Documents\Visual Studio 2012

2013-04-04 11:50 - 2013-01-07 10:55 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-04 10:48 - 2012-09-22 13:47 - 00000000 ____D C:\Users\David\Documents\SQL Server Management Studio

2013-04-02 02:34 - 2010-11-20 19:27 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-03-31 12:58 - 2013-03-31 12:58 - 00010409 ____A C:\Users\David\Downloads\carhartl-jquery-cookie-v1.3.1-0-gfd724ca.zip

2013-03-31 12:58 - 2013-03-31 12:58 - 00000000 ____D C:\Users\David\Downloads\carhartl-jquery-cookie-fedc4cb

2013-03-29 11:59 - 2013-03-29 11:59 - 00406389 ____A C:\Users\David\Downloads\Neverwinter_Nights_Launcher_1.11.zip

2013-03-29 10:13 - 2013-03-29 10:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-03-25 15:49 - 2013-03-23 22:33 - 00000000 ____D C:\Users\David\AppData\Local\7-Zip

2013-03-18 22:04 - 2013-04-09 20:23 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-03-18 21:46 - 2013-04-09 20:23 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-03-18 21:04 - 2013-04-09 20:23 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-03-18 21:04 - 2013-04-09 20:23 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-03-18 20:47 - 2013-04-09 20:23 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-03-18 19:06 - 2013-04-09 20:23 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-03-15 14:42 - 2013-03-15 14:42 - 00000000 ____D C:\Users\David\AppData\Roaming\Leadertech

2013-03-15 14:42 - 2013-03-15 14:42 - 00000000 ____D C:\Users\David\AppData\Local\Logitech

2013-03-15 14:41 - 2013-03-15 14:41 - 00000000 ____D C:\ProgramData\LogiShrd

2013-03-15 14:41 - 2013-03-15 14:40 - 00000000 ____D C:\Program Files\Logitech Gaming Software

2013-03-15 14:39 - 2013-03-15 14:39 - 00000000 ____D C:\Users\David\AppData\Roaming\Logitech

2013-03-15 14:39 - 2013-03-15 14:39 - 00000000 ____D C:\Users\David\AppData\Roaming\Logishrd

2013-03-15 14:39 - 2013-03-15 14:23 - 62673992 ____A (Logitech Inc.) C:\Users\David\Downloads\lgs840_x64.exe

2013-03-14 00:01 - 2013-03-14 00:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-03-14 00:01 - 2013-03-14 00:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-2503603427-1507347203-3594875339-1000\$32d092758cdd3800c8cff33d3425b9d7

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-21 15:37:18

Restore point made on: 2013-03-24 21:46:35

Restore point made on: 2013-03-28 15:52:41

Restore point made on: 2013-04-01 16:25:29

Restore point made on: 2013-04-05 06:50:39

Restore point made on: 2013-04-09 07:52:07

Restore point made on: 2013-04-10 05:22:48

Restore point made on: 2013-04-13 10:24:50

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8098.96 MB

Available physical RAM: 7222.33 MB

Total Pagefile: 8097.16 MB

Available Pagefile: 7208.69 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:264.93 GB) NTFS

3 Drive f: (CORSAIR) (Removable) (Total:14.95 GB) (Free:5.7 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 14 GB 0 B

Partitions of Disk 0:

===============

Disk ID: D3C8055C

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 101 MB 31 KB

Partition 2 Primary 465 GB 102 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 101 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: 0057F74A

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 14 GB 64 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F CORSAIR FAT32 Removable 14 GB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: D3C8055C

Partition 1:

=========

Hex: 80001D00000000001C00000000000000

Active: YES

Type: 00

Size: 0 byte

ATTENTION ===> 0 byte partition bootkit on partition 1

Partition 2:

=========

Hex: 8001010007FE3F0C3F0000008E2F0300

Active: YES

Type: 07 (NTFS)

Size: 102 MB

Partition 3:

=========

Hex: 0000340D07FEFFFF003003000028353A

Active: NO

Type: 07 (NTFS)

Size: 466 GB

==============================

Partitions of Disk 1:

===============

Disk ID: 0057F74A

Partition 1:

=========

Hex: 800180000CFEFFFF8000000080BFDE01

Active: YES

Type: 0C

Size: 15 GB

Last Boot: 2013-04-04 09:38

==================== End Of Log =============================

Link to post
Share on other sites

  • Staff

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
1 eopygxbs; \??\C:\Windows\system32\drivers\eopygxbs.sys [x]
2013-04-08 18:46 - 2013-04-08 18:46 - 00000000 ____A C:\ProgramData\08o56QE.dat
2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe_.b
2013-04-08 18:45 - 2013-04-08 18:45 - 00000001 ____A C:\ProgramData\o5F2L4GU.exe.b
C:\$Recycle.Bin\S-1-5-21-2503603427-1507347203-3594875339-1000\$32d092758cdd3800c8cff33d3425b9d7
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

NEXT

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

Link to post
Share on other sites

First Scan:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.04.13.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DPL9-12 [administrator]

4/13/2013 10:24:32 PM

mbar-log-2013-04-13 (22-24-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 35711

Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_0_28_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot.

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Unknown Rootkit VBR Infection) -> Delete on reboot.

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_976773136_user.mbam (Forged physical sector) -> Delete on reboot.

(end)

Second Scan:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.04.13.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DPL9-12 [administrator]

4/13/2013 10:45:36 PM

mbar-log-2013-04-13 (22-45-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 35716

Time elapsed: 16 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

System Log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 5111205888

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 5142761472

------------ Kernel report ------------

04/13/2013 22:09:33

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\JME.sys

\SystemRoot\system32\DRIVERS\jmcr.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vcsvad.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ScreamingBAudio64.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\SSLDrv.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\Drivers\PROCEXP152.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\rpcrt4.dll

\Windows\System32\ole32.dll

\Windows\System32\wininet.dll

\Windows\System32\imagehlp.dll

\Windows\System32\msvcrt.dll

\Windows\System32\comdlg32.dll

\Windows\System32\shell32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\msctf.dll

\Windows\System32\ws2_32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\difxapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\usp10.dll

\Windows\System32\lpk.dll

\Windows\System32\setupapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\psapi.dll

\Windows\System32\imm32.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\nsi.dll

\Windows\System32\sechost.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8009d6b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000087\

Lower Device Object: 0xfffffa80099f5b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a8b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa800747a060

Lower Device Driver Name: \00000255\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.04.13.08

Downloaded database version: v2013.03.25.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a8b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800747d9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800747a060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \00000255\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a0054df5b0, 0xfffffa8007a8b790, 0xfffffa8007b31790

Lower DeviceData: 0xfffff8a0138dd810, 0xfffffa800747a060, 0xfffffa8007ce5430

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! [5b875a22f8ce39ec096216471c83be3f]

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D3C8055C

Partition information:

Partition 0 type is Empty (0x0)

Partition is ACTIVE.

Partition starts at LBA: 28 Numsec = 0

Partition is not bootable

Infected: VBR on Empty active partition --> [unknown Rootkit VBR Infection]

Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 208896 Numsec = 976562176

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-27-976753168-976773168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8009d6b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80099c6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8009d6b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80099f5b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a013c5de30, 0xfffffa8009d6b790, 0xfffffa8006ef7250

Lower DeviceData: 0xfffff8a012af5ce0, 0xfffffa80099f5b60, 0xfffffa8007cba270

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57F74A

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 128 Numsec = 31375232

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 16064184320 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6509232128

Removal queue found; removal started

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6330515456

------------ Kernel report ------------

04/13/2013 22:29:05

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\JME.sys

\SystemRoot\system32\DRIVERS\jmcr.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vcsvad.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ScreamingBAudio64.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\SSLDrv.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shlwapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\imm32.dll

\Windows\System32\sechost.dll

\Windows\System32\urlmon.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\usp10.dll

\Windows\System32\lpk.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\advapi32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\Wldap32.dll

\Windows\System32\setupapi.dll

\Windows\System32\wininet.dll

\Windows\System32\difxapi.dll

\Windows\System32\shell32.dll

\Windows\System32\iertutil.dll

\Windows\System32\kernel32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800a0af790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000085\

Lower Device Object: 0xfffffa80098cdb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a6f790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa8007856060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a6f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a6f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a6f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007859e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8007856060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a004df8150, 0xfffffa8007a6f790, 0xfffffa8006bf8790

Lower DeviceData: 0xfffff8a005764590, 0xfffffa8007856060, 0xfffffa800ab5b650

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D3C8055C

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 208896 Numsec = 976562176

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800a0af790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80098cbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800a0af790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80098cdb60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a005664040, 0xfffffa800a0af790, 0xfffffa800b51a790

Lower DeviceData: 0xfffff8a005783590, 0xfffffa80098cdb60, 0xfffffa800ab34a20

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57F74A

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 128 Numsec = 31375232

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 16064184320 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

  • Staff

Looks much better, but we still have a little more work to do, please run the following:

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

ComboFix 13-04-15.01 - David 04/15/2013 11:04:16.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8099.5681 [GMT -5:00]

Running from: c:\users\David\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\18AB.tmp

c:\programdata\Microsoft\Windows\DRM\18AC.tmp

c:\programdata\Microsoft\Windows\DRM\3753.tmp

c:\programdata\Microsoft\Windows\DRM\3794.tmp

c:\users\David\AppData\Local\assembly\tmp

c:\windows\SysWow64\d2d1debug1.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))

.

.

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\MobileNewsPaperDemo\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\jQueryMobileDemo\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\IPFSMOBILE\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\IPFS\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2013-04-15 16:10 . 2013-04-15 16:10 -------- d-----w- c:\users\AchievementAp\AppData\Local\temp

2013-04-14 20:16 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB6916B1-0320-4815-9C90-292459EE7B62}\mpengine.dll

2013-04-14 05:17 . 2013-04-14 05:17 -------- d-----w- C:\FRST

2013-04-14 03:01 . 2013-04-14 03:01 -------- d-----w- c:\windows\Sun

2013-04-13 20:10 . 2013-04-13 20:10 -------- d-----w- c:\users\David\AppData\Roaming\Wireshark

2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\program files (x86)\WinPcap

2013-04-13 20:00 . 2013-04-13 20:00 -------- d-----w- c:\program files\Wireshark

2013-04-13 18:25 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-12 17:48 . 2013-04-12 17:48 208216 ----a-w- c:\windows\system32\drivers\25534636.sys

2013-04-10 04:29 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 04:29 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 04:29 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 04:29 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 04:29 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 04:29 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 04:29 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 04:29 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 04:23 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 04:23 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 04:23 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 04:23 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 04:23 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 04:23 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-09 15:43 . 2013-04-10 14:01 -------- d-----w- c:\users\David\AppData\Roaming\Curse Advertising

2013-03-24 06:33 . 2013-03-25 23:49 -------- d-----w- c:\users\David\AppData\Local\7-Zip

2013-03-21 23:54 . 2012-11-29 17:10 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61A0177C-9EB8-4F8D-AB5B-09658C808B52}\gapaengine.dll

2013-03-20 20:32 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-16 17:22 . 2013-04-06 04:18 -------- d-----w- c:\program files (x86)\Warcraft III

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-10 13:30 . 2012-09-23 03:31 2495264 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2013-04-10 13:24 . 2012-09-22 22:24 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-04 19:50 . 2013-01-07 18:55 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-01-20 21:59 . 2013-01-20 21:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 21:59 . 2012-03-21 01:44 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]

R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-22 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-08-30 30056]

S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]

S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-23 174680]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-22 876136]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]

S3 SSLDrv;Virtual Passage SSLDrv Adapter;c:\windows\system32\DRIVERS\SSLDrv.sys [2010-05-01 21576]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\31uue3i1.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-69949517.sys

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-15 11:13:26

ComboFix-quarantined-files.txt 2013-04-15 16:13

.

Pre-Run: 286,634,082,304 bytes free

Post-Run: 289,581,719,552 bytes free

.

- - End Of File - - F366766F43AADF2C739CE03EFF57797E

Link to post
Share on other sites

  • Staff

Please run the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.04.16.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DPL9-12 [administrator]

4/16/2013 9:27:01 AM

mbar-log-2013-04-16 (09-27-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 35046

Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 5111205888

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 5142761472

------------ Kernel report ------------

04/13/2013 22:09:33

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\JME.sys

\SystemRoot\system32\DRIVERS\jmcr.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vcsvad.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ScreamingBAudio64.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\SSLDrv.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\Drivers\PROCEXP152.SYS

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\rpcrt4.dll

\Windows\System32\ole32.dll

\Windows\System32\wininet.dll

\Windows\System32\imagehlp.dll

\Windows\System32\msvcrt.dll

\Windows\System32\comdlg32.dll

\Windows\System32\shell32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\msctf.dll

\Windows\System32\ws2_32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\difxapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\usp10.dll

\Windows\System32\lpk.dll

\Windows\System32\setupapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\psapi.dll

\Windows\System32\imm32.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\nsi.dll

\Windows\System32\sechost.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8009d6b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000087\

Lower Device Object: 0xfffffa80099f5b60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a8b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa800747a060

Lower Device Driver Name: \00000255\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.04.13.08

Downloaded database version: v2013.03.25.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a8b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800747d9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800747a060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \00000255\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a0054df5b0, 0xfffffa8007a8b790, 0xfffffa8007b31790

Lower DeviceData: 0xfffff8a0138dd810, 0xfffffa800747a060, 0xfffffa8007ce5430

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! [5b875a22f8ce39ec096216471c83be3f]

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D3C8055C

Partition information:

Partition 0 type is Empty (0x0)

Partition is ACTIVE.

Partition starts at LBA: 28 Numsec = 0

Partition is not bootable

Infected: VBR on Empty active partition --> [unknown Rootkit VBR Infection]

Changing partition to empty and not active. New active partition is 0 on drive 0 ...

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 208896 Numsec = 976562176

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

MBR infection found on drive 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-27-976753168-976773168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8009d6b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80099c6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8009d6b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80099f5b60, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a013c5de30, 0xfffffa8009d6b790, 0xfffffa8006ef7250

Lower DeviceData: 0xfffff8a012af5ce0, 0xfffffa80099f5b60, 0xfffffa8007cba270

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57F74A

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 128 Numsec = 31375232

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 16064184320 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6509232128

Removal queue found; removal started

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6330515456

------------ Kernel report ------------

04/13/2013 22:29:05

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\JME.sys

\SystemRoot\system32\DRIVERS\jmcr.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vcsvad.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ScreamingBAudio64.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\SSLDrv.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shlwapi.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\nsi.dll

\Windows\System32\psapi.dll

\Windows\System32\imm32.dll

\Windows\System32\sechost.dll

\Windows\System32\urlmon.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\usp10.dll

\Windows\System32\lpk.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\advapi32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\Wldap32.dll

\Windows\System32\setupapi.dll

\Windows\System32\wininet.dll

\Windows\System32\difxapi.dll

\Windows\System32\shell32.dll

\Windows\System32\iertutil.dll

\Windows\System32\kernel32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa800a0af790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000085\

Lower Device Object: 0xfffffa80098cdb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a6f790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa8007856060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a6f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a6f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a6f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007859e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8007856060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a004df8150, 0xfffffa8007a6f790, 0xfffffa8006bf8790

Lower DeviceData: 0xfffff8a005764590, 0xfffffa8007856060, 0xfffffa800ab5b650

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D3C8055C

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 208896 Numsec = 976562176

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa800a0af790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80098cbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800a0af790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80098cdb60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a005664040, 0xfffffa800a0af790, 0xfffffa800b51a790

Lower DeviceData: 0xfffff8a005783590, 0xfffffa80098cdb60, 0xfffffa800ab34a20

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 57F74A

Partition information:

Partition 0 type is Other (0xc)

Partition is ACTIVE.

Partition starts at LBA: 128 Numsec = 31375232

Partition file system is FAT32

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 16064184320 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6454714368

Removal queue found; removal started

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 5700317184

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 8492380160, free: 6462959616

------------ Kernel report ------------

04/16/2013 09:13:33

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\rtl8192Ce.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\JME.sys

\SystemRoot\system32\DRIVERS\jmcr.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\vcsvad.sys

\SystemRoot\system32\DRIVERS\portcls.sys

\SystemRoot\system32\DRIVERS\drmk.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ScreamingBAudio64.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\drivers\LGBusEnum.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\SSLDrv.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_msahci.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\LGVirHid.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shlwapi.dll

\Windows\System32\user32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\usp10.dll

\Windows\System32\wininet.dll

\Windows\System32\kernel32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\psapi.dll

\Windows\System32\setupapi.dll

\Windows\System32\imm32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\sechost.dll

\Windows\System32\ws2_32.dll

\Windows\System32\difxapi.dll

\Windows\System32\shell32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\ole32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\gdi32.dll

\Windows\System32\urlmon.dll

\Windows\System32\msctf.dll

\Windows\System32\nsi.dll

\Windows\System32\lpk.dll

\Windows\System32\normaliz.dll

\Windows\System32\advapi32.dll

\Windows\System32\iertutil.dll

\Windows\System32\comdlg32.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a8b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\

Lower Device Object: 0xfffffa800787b060

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.04.16.06

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a8b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a8b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800787e9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800787b060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a004b8fa50, 0xfffffa8007a8b790, 0xfffffa800b32c790

Lower DeviceData: 0xfffff8a004ae8a40, 0xfffffa800787b060, 0xfffffa800ababa90

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D3C8055C

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 208896 Numsec = 976562176

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

Link to post
Share on other sites

My Machine seems to be virus free thanks to you CatByte, but my processor performance has taken a big hit it seems. My Visual Studios for work has slowed down considerably and when I play games the FPS is terrible. I noticed my WEI processor score is only 4.6 for an I7 and I'm pretty sure it was 7+ last time I looked. Any idea what was changed and how I can get this back where it belongs? Your help is greatly appreciated!!!

Link to post
Share on other sites

  • Staff

I'm really not certain what could have caused that.

Try running a defrag:

First open an elevated Command Prompt

  • Go to Start > All Programs > Accessories
  • right click on the Command Prompt and choose “Run as administrator”
  • Type the following see how much your hard drive is fragmented (in this example, your C:\ drive):
  • defrag c: -a (be patient, this can take a while)
  • The resulting analysis will tell you a “Percent file fragmentation” and at the bottom, if you need to defragment the drive or not.
  • To fully defragment your C:\ drive type the following:
  • defrag c: -w
  • Give it time to run (it can take a while, best to leave the computer alone) and then you’re done!

Then run the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Capture3.gif

Once that is done then go to step 3 and allow it to run SFC

Capture.gif

On the the Start Repairs tab => Click the Start

7fthj.png

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know if that makes any difference

Link to post
Share on other sites

I checked on defrag and it wasn't needed. The current image on the HD has only been on there since September 2012. The windows repair didn't seem to change anything but now that I think about it, I didn't run it as administrator which would probably make a big difference. As far as the virus goes I think I'm clean. Thanks alot for the help. Hopefully I'll be able to figure this performance issue out. I may just have to reimage again.

Link to post
Share on other sites

  • Staff

Let's make sure there are no lefovers, please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Link to post
Share on other sites

I screwed up and didn't run ESET correctly by keeping "Remove found threats" ticked and not going into advanced settings. I've started another scan anyway following the correct instructions but it found a few threats that were removed due to keeping that checkbox checked.... Here are the 3 log files including the removed threat ESET scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.9 (04.22.2013:1)

OS: Windows 7 Ultimate x64

Ran by David on Tue 04/23/2013 at 10:07:15.23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\31uue3i1.default\extensions\czazsshbze@czazsshbze.org.xpi [Tracur]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 04/23/2013 at 10:10:05.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.23.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

David :: DPL9-12 [administrator]

4/23/2013 10:27:28 AM

mbam-log-2013-04-23 (10-27-28).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 714586

Time elapsed: 1 hour(s), 29 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 10:21:37

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : David - DPL9-12

# Boot Mode : Normal

# Running from : C:\Users\David\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\31uue3i1.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [791 octets] - [23/04/2013 10:21:17]

AdwCleaner[s1].txt - [723 octets] - [23/04/2013 10:21:37]

########## EOF - C:\AdwCleaner[s1].txt - [782 octets] ##########

# AdwCleaner v2.202 - Logfile created 04/23/2013 at 10:21:17

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : David - DPL9-12

# Boot Mode : Normal

# Running from : C:\Users\David\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\31uue3i1.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [664 octets] - [23/04/2013 10:21:17]

########## EOF - C:\AdwCleaner[R1].txt - [723 octets] ##########

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\18AB.tmp.vir Win64/Olmarik.AY trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\18AC.tmp.vir Win64/Olmarik.AY trojan cleaned by deleting - quarantined

Link to post
Share on other sites

  • Staff

That's OK that those files were removed, they were in the ComboFix quarantine folder.

Please run the following:

Visit ADOBE and download the latest version of Acrobat Reader (version XI)

Having the latest updates ensures there are no security vulnerabilities in your system.

Decline any additional installs that may be offered.

NEXT

javaicon.jpg

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u21
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u21-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked

      • Trace and Log Files
        Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please advise how the computer is running now and if there are any outstanding issues

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.