Malware/virus that malware/antimalware doesn't find or avast and runs svc.host.exe as 100% computer usage.


Hi,

I've tried several tools including malware/avast. I also tried the program that runs for 5 hours and it stops midway finding 8 trojans but never completes to get rid of them. Not sure what to do on this laptop but it has been infected for over a year and it's getting worse. I've run the program that deletes all the malware removal tools and also manually deleted them so not sure what their names are. The computer is still running super slow with 100% usage on a program called svc.host.exe (not the real one, one run by a virus).


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.06.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Big Kahun Global :: BIGKAHUNASIGNS [administrator]

5/10/2013 8:50:50 PM

mbam-log-2013-05-10 (20-50-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 247426

Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16448

Run by Big Kahun Global at 22:22:14 on 2013-05-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2124 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-System: WallpaperStyle = 2

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB} : DHCPNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB}\2456C6B696E6F5E4F575962756C6563737F5637333832454 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB}\249474B4148455E414F5E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB}\777777E2269676B6168657E616868696E236F6D6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB}\94E695F657276416365635B656564735B6565647 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{5DA49A46-E85B-4912-B435-2193C68FDFEB}\B4164627160284F6D65602E4564777F627B60213 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F7F8904-9C36-4DBF-99D6-E0304BCC96F1} : DHCPNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-6 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-6 189936]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-14 52856]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-9-16 1025808]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-19 378432]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-19 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-19 80816]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-5-6 46808]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-20 215040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]

S3 HP1210FAX;HP1210MFP FAX;C:\Windows\System32\drivers\HPM1210FAX.sys [2012-5-8 16384]

S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-5-8 20480]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-3 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

.

=============== Created Last 30 ================

.

2013-05-09 01:44:44 -------- d-----w- C:\Windows\ERUNT

2013-05-09 01:38:16 -------- d-----w- C:\JRT

2013-05-06 23:27:16 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-05-06 23:27:14 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-05-06 23:27:13 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-05-06 23:17:28 -------- d-----w- C:\Program Files (x86)\ESET

2013-05-01 19:15:39 -------- d-----w- C:\Users\Big Kahun Global\AppData\Local\Apple

2013-04-26 02:40:58 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-04-26 02:40:57 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-04-20 05:48:55 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-04-20 05:47:58 -------- d-----w- C:\Program Files\iPod

2013-04-20 05:47:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-04-20 05:47:56 -------- d-----w- C:\Program Files\iTunes

2013-04-20 05:47:56 -------- d-----w- C:\Program Files (x86)\iTunes

2013-04-20 05:44:18 -------- d-----w- C:\Program Files\Bonjour

2013-04-20 05:44:18 -------- d-----w- C:\Program Files (x86)\Bonjour

.

==================== Find3M ====================

.

2013-05-01 23:34:06 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-05-01 23:34:05 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-05-01 23:33:35 41664 ----a-w- C:\Windows\avastSS.scr

2013-04-15 19:56:34 6392 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-16 18:52:55 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-16 18:52:54 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 18:04:20 43832 ----a-w- C:\Windows\help\OEM\Scripts\PWAlertEnable.exe

2013-03-07 22:13:10 74552 ----a-w- C:\Windows\help\OEM\Scripts\HPSAUpdaterObj.exe

2013-03-01 21:00:30 21208 ----a-w- C:\Windows\help\OEM\Scripts\PSGRedirector.exe

2013-02-25 19:19:00 49152 ----a-w- C:\Windows\help\OEM\Scripts\Interop.TaskScheduler.dll

.

============= FINISH: 22:23:39.08 ===============


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Big Kahun Global [Admin rights]

Mode : Scan -- Date : 05/10/2013 22:34:12

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3263GSX ATA Device +++++

--- User ---

[MBR] 2b46a27b2b3e7c92e5a9f46aaa944528

[bSP] 6911f7ab74d4895f89189076d3f0233b : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292848 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 600162304 | Size: 12196 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05102013_02d2234.txt >>

RKreport[1]_S_05102013_02d2234.txt


Do you mean svchost.exe or svc.host.exe?

----------------------------------------

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

[screenshot: more-reply-options.jpg]

New window that comes up.

[screenshot: choose-files1.jpg]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC
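The question above turns on a single character: the genuine service host is svchost.exe, lives in System32 (or SysWOW64 on x64) and is normally started with a `-k <service group>` argument, so a look-alike name, an unusual directory or a missing group is what a reviewer looks for in the "Running Processes" list. The Python below is an added example, not code from the thread or from DDS/Malwarebytes; it applies those three checks to DDS-style process lines, mixing entries copied from the log above with two constructed suspicious ones.

```python
"""Flag svchost.exe look-alikes in a DDS-style 'Running Processes' listing.

Checks applied to every process whose name resembles svchost.exe:
  1. the name is not exactly svchost.exe (e.g. svc.host.exe, svch0st.exe)
  2. the image does not live in a Windows system directory
  3. the process was started without a '-k <service group>' argument
"""
import re
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from typing import Iterable, List, Optional, Tuple

LEGIT_NAME = "svchost.exe"
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample: the first four lines are copied from the DDS log posted
# in this thread; the last two are made up to show what a masquerading
# process would look like. Neither made-up path appears in the real log.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"C:\Windows\system32\taskhost.exe",
    r"C:\Users\Example\AppData\Roaming\svc.host.exe",   # constructed
    r"C:\Windows\Temp\svchost.exe",                     # constructed
]


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def split_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split a DDS process line into (image path, argument string).

    The image path is taken to end at the first '.exe' (case-insensitive);
    whatever follows is the command line, e.g. '-k netsvcs'.
    """
    m = re.match(r"(?i)^(.*?\.exe)\s*(.*)$", line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def name_similarity(name: str) -> float:
    """Ratio in [0, 1] of how closely a file name resembles svchost.exe."""
    return SequenceMatcher(None, name.lower(), LEGIT_NAME).ratio()


def triage(lines: Iterable[str], threshold: float = 0.8) -> List[Finding]:
    """Return one Finding per svchost-like process that fails any check.

    Names whose similarity to svchost.exe is below `threshold` are ignored,
    so unrelated binaries (AvastSvc.exe, taskhost.exe) produce no finding.
    """
    findings: List[Finding] = []
    for line in lines:
        parsed = split_entry(line)
        if parsed is None:
            continue
        path, args = parsed
        directory, _, name = path.rpartition("\\")
        sim = name_similarity(name)
        if sim < threshold:
            continue  # not trying to pass as svchost.exe at all
        reasons: List[str] = []
        if name.lower() != LEGIT_NAME:
            reasons.append(f"name {name!r} resembles {LEGIT_NAME} "
                           f"(similarity {sim:.2f})")
        if directory.lower() not in LEGIT_DIRS:
            reasons.append(f"runs from {directory!r}, not a Windows system directory")
        if not re.search(r"(?i)(^|\s)-k\s+\S+", args):
            reasons.append("started without a '-k <service group>' argument")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Running it against the sample flags only the two constructed entries: svc.host.exe fails all three checks, while the svchost.exe in C:\Windows\Temp fails the directory and `-k` checks despite its correct name.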


Yes, looks clean....next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Uh oh, I have really messed something up. I forgot that the virus was so bad I started another user account. I was on that doing everything and not the one that was really infected. I tried to run combofix and it said an error, no permission, so I hit the x on combofix to close and it started flipping out. I changed user names and the computer is now on crack. wpmnetwork or something is at 100% and I am literally typing at 1wpm. These boxes keep popping up saying combofix and then disappearing, finally got that to quit...but I am back at 100% usage again.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01

Ran by Big Kahuna Signs (administrator) on 12-05-2013 15:15:02

Running from C:\Users\Big Kahuna Signs\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Big Kahuna Signs\Downloads\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [combofix] C:\ComboFix\CF16561.3XE /c C:\ComboFix\Combobatch.bat [8272 2013-05-12] ()

HKCU\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-07-15] (Hewlett-Packard)

HKCU\...\Run: [AdobeBridge] [x]

MountPoints2: {0bc61fa0-9855-11e1-811e-00262db11bec} - F:\SISetup.exe

MountPoints2: {0bc61fa2-9855-11e1-811e-00262db11bec} - F:\TL-Bootstrap.exe

MountPoints2: {1f0ef818-3ef8-11e0-b172-00262db11bec} - F:\setup.exe -a

MountPoints2: {87d634d2-d600-11de-b989-806e6f6e6963} - E:\start.exe

MountPoints2: {e5c9611b-c5d5-11e0-a8ed-00262db11bec} - F:\TL-Bootstrap.exe

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKU\Big Kahun Global\...\Policies\system: [LogonHoursAction] 2

HKU\Big Kahun Global\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default\...\Policies\system: [WallpaperStyle] 2

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)

HKU\Default User\...\Policies\system: [WallpaperStyle] 2

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

URLSearchHook: (No Name) - {37153479-1976-43c3-a1ee-557513977b64} - No File

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {397CFBAF-01FE-4A0D-950E-041F4905DC38} URL =

SearchScopes: HKCU - {403CE8DA-BA42-478B-945D-BCD60FB70B3C} URL =

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU - No Name - {37153479-1976-43C3-A1EE-557513977B64} - No File

PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

PDF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

PDF: HKLM-x32 {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

PDF: HKLM-x32 {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [20992] (Microsoft Corporation)

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Extension: (Surf Canyon) - C:\Users\Big Kahuna Signs\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\5.0.5_0

==================== Services (Whitelisted) =================

S3 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-01] (AVAST Software)

S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-01] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-01] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-01] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-01] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-01] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-01] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-01] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-02] ()

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)

S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2010-04-28] ()

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2010-04-28] (Marvell Semiconductor, Inc.)

S1 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]

S1 SydexFDD; system32\drives\sydexfdd.sys [x]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\System32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\System32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Windows\System32\Drivers\aswFsBlk.sys F3F5F2FDE0DEABA4F2CE336E9454FAE2

C:\Windows\system32\drivers\aswMonFlt.sys 90980D5291F8E725700272E4B64EDA10

C:\Windows\System32\Drivers\aswrdr2.sys A4C94945B8A1FFE449A500C2CF0B5882

C:\Windows\System32\Drivers\aswRvrt.sys A06E330475C1957C50C13B483D41F2BD

C:\Windows\System32\Drivers\aswSnx.sys 9237BE2AB3C7D611F1F8FB7018691BAC

C:\Windows\System32\Drivers\aswSP.sys D8FEC7F7BFE1BAD685DC8D1EF384693D

C:\Windows\System32\Drivers\aswTdi.sys 3D9BA0EF6C5847E4482FC01ABCD26683

C:\Windows\System32\Drivers\aswVmm.sys 3C7D772F6059C142991D00FE3AB61D40

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\athrx.sys 38562A6A9CB10844759EAF2B01A7FCD3

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CAXHWAZL.sys D1787E11C6A0078DDEAF8CF3EE2AB293

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\System32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD

C:\Windows\System32\drivers\CHDRT64.sys 3CB10294F7A59FD22501F4BAD915F250

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\FlyUsb.sys 6CD6BB45BD3E0EEF6CE496BF52854FF1

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A

C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\HPM1210FAX.sys 0570A17A2E5001B97E20C15B4FC516AE

C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 9AF482D058BE59CC28BCE52E7C4B747C

C:\Windows\System32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CAX_DPV.sys 26C5D00321937E49B6BC91029947D094

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit

C:\Windows\System32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\System32\DRIVERS\igdkmd64.sys 677AA5991026A65ADA128C4B59CF2BAD

C:\Windows\System32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\System32\drivers\IntcHdmi.sys D485D3BD3E2179AA86853A182F70699F

C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4

C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mdmxsdk.sys E4F44EC214B3E381E1FC844A02926666

C:\Windows\System32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\System32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mvusbews.sys 09818558C2579B45D78AB18A759B0CA8

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69

C:\Windows\System32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys A2F74975097F52A00745F9637451FDD8

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\System32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\System32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\System32\Drivers\PxHlpa64.sys A6BF0A9B5A30D743623CA0D3BE35DF05

C:\Windows\System32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RtsUStor.sys 2DB8116D52B19216812C4E6D5D837810

C:\Windows\System32\DRIVERS\Rt64win7.sys ==> MD5 is legit

C:\Windows\System32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8

C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04

C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\System32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\SynTP.sys BCF305959B53B200CEB2AD25AD22F8A7

C:\Windows\System32\drivers\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\DRIVERS\tcpip.sys ACB82BDA8F46C84F465C1AFA517DC4B9

C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240

C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C

C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B

C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24

C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD

C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CAX_CNXT.sys A6EA7A3FC4B00F48535B506DB1E86EFD

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\XAudio64.sys E8F3FA126A06F8E7088F63757112A186

C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-12 15:14 - 2013-05-12 15:14 - 01875978 ____A (Farbar) C:\Users\Big Kahuna Signs\Downloads\FRST64.exe

2013-05-12 15:14 - 2013-05-12 15:14 - 00000000 ____D C:\FRST

2013-05-12 02:48 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe

2013-05-12 02:48 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe

2013-05-12 02:48 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-05-12 02:48 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-05-12 02:48 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-05-12 02:48 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe

2013-05-12 02:48 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe

2013-05-12 02:48 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe

2013-05-12 02:47 - 2013-05-12 03:43 - 00000000 ___SD C:\ComboFix

2013-05-12 02:38 - 2013-05-12 02:48 - 00000000 ____D C:\Qoobox

2013-05-12 02:36 - 2013-05-12 03:11 - 00000000 ____D C:\Windows\erdnt

2013-05-12 02:35 - 2013-05-12 02:36 - 05068868 ____R (Swearware) C:\Users\Big Kahun Global\Desktop\ComboFix.exe

2013-05-11 15:29 - 2013-05-11 15:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-11 15:25 - 2013-05-11 15:25 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Local\Apple Computer

2013-05-10 23:28 - 2013-05-11 15:45 - 00000000 ____D C:\Users\Big Kahun Global\Desktop\mbar

2013-05-10 23:13 - 2013-05-10 23:14 - 12917756 ____A C:\Users\Big Kahun Global\Downloads\mbar-1.05.0.1001.zip

2013-05-10 22:36 - 2013-05-10 22:36 - 00001356 ____A C:\Users\Big Kahun Global\Desktop\RKreport[3]_D_05102013_02d2236.txt

2013-05-10 22:35 - 2013-05-10 22:35 - 00001462 ____A C:\Users\Big Kahun Global\Desktop\RKreport[2]_D_05102013_02d2235.txt

2013-05-10 22:34 - 2013-05-10 22:34 - 00001409 ____A C:\Users\Big Kahun Global\Desktop\RKreport[1]_S_05102013_02d2234.txt

2013-05-10 22:32 - 2013-05-10 22:34 - 00000000 ____D C:\Users\Big Kahun Global\Desktop\RK_Quarantine

2013-05-10 22:31 - 2013-05-10 22:31 - 00816128 ____A C:\Users\Big Kahun Global\Downloads\RogueKiller (1).exe

2013-05-10 22:30 - 2013-05-10 22:30 - 00816128 ____A C:\Users\Big Kahun Global\Downloads\RogueKiller.exe

2013-05-10 22:23 - 2013-05-10 22:23 - 00013216 ____A C:\Users\Big Kahun Global\Desktop\dds.txt

2013-05-10 22:23 - 2013-05-10 22:23 - 00012904 ____A C:\Users\Big Kahun Global\Desktop\attach.txt

2013-05-10 22:16 - 2013-05-10 22:17 - 00688992 ____R (Swearware) C:\Users\Big Kahun Global\Desktop\dds.com

2013-05-08 22:19 - 2013-05-08 22:19 - 00012348 ____A C:\AdwCleaner[s1].txt

2013-05-08 22:18 - 2013-05-08 22:19 - 00012189 ____A C:\AdwCleaner[R1].txt

2013-05-08 22:16 - 2013-05-08 22:16 - 00628743 ____A C:\Users\Big Kahuna Signs\Downloads\adwcleaner.exe

2013-05-08 21:52 - 2013-05-08 21:52 - 00005455 ____A C:\Users\Big Kahuna Signs\Desktop\JRT.txt

2013-05-08 21:44 - 2013-05-08 21:44 - 00000000 ____D C:\Windows\ERUNT

2013-05-08 21:38 - 2013-05-08 21:38 - 00000000 ____D C:\JRT

2013-05-08 21:35 - 2013-05-08 21:35 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Big Kahuna Signs\Desktop\JRT.exe

2013-05-08 19:04 - 2013-05-08 21:38 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\To add to website

2013-05-06 19:27 - 2013-05-02 11:44 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys

2013-05-06 19:27 - 2013-05-01 19:34 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2013-05-06 19:27 - 2013-05-01 19:34 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys

2013-05-06 19:17 - 2013-05-06 19:17 - 00000000 ____D C:\Program Files (x86)\ESET

2013-05-06 19:15 - 2013-05-06 19:15 - 02347384 ____A (ESET) C:\Users\Big Kahuna Signs\Downloads\esetsmartinstaller_enu.exe

2013-05-06 19:15 - 2013-05-06 19:15 - 00002193 ____A C:\Users\Big Kahuna Signs\Desktop\RKreport[2]_D_05062013_02d1915.txt

2013-05-06 18:56 - 2013-05-06 18:56 - 00002537 ____A C:\Users\Big Kahuna Signs\Desktop\RKreport[1]_S_05062013_02d1856.txt

2013-05-06 18:54 - 2013-05-06 19:14 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\RK_Quarantine

2013-05-06 18:54 - 2013-05-06 18:54 - 00816128 ____A C:\Users\Big Kahuna Signs\Downloads\RogueKiller.exe

2013-05-06 18:52 - 2013-05-08 17:50 - 00212992 __ASH C:\Users\Big Kahuna Signs\Thumbs.db

2013-05-06 14:00 - 2013-05-06 14:00 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\30 Golden HInd

2013-05-01 15:15 - 2013-05-01 15:15 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Local\Apple

2013-05-01 14:59 - 2013-05-11 15:25 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Roaming\Apple Computer

2013-04-26 11:10 - 2013-05-12 03:12 - 00006188 ____A C:\Windows\PFRO.log

2013-04-25 22:51 - 2013-04-25 23:18 - 338579762 ____A C:\Users\Big Kahuna Signs\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw

2013-04-25 22:43 - 2013-04-25 22:43 - 00000000 ____D C:\Users\Big Kahuna Signs\AppData\Roaming\redsn0w

2013-04-25 22:42 - 2013-04-25 22:42 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\redsn0w_win_0.9.6b6

2013-04-25 22:40 - 2013-04-25 22:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins

2013-04-25 22:40 - 2013-04-25 22:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions

2013-04-25 22:38 - 2013-04-25 22:41 - 11182376 ____A C:\Users\Big Kahuna Signs\Downloads\redsn0w_win_0.9.6b6.zip

2013-04-25 22:27 - 2013-04-25 22:27 - 00865576 ____A (SetupManager) C:\Users\Big Kahuna Signs\Desktop\RedSn0w_Setup.exe

2013-04-25 22:17 - 2013-04-25 22:18 - 01460600 ____A C:\Users\Big Kahuna Signs\Desktop\redsn0w_win_0.9.6b6.exe

2013-04-25 21:53 - 2013-04-25 21:54 - 01307696 ____A (Bandoo Media Inc) C:\Users\Big Kahuna Signs\Downloads\iLividSetup-r757-n-bc (1).exe

2013-04-24 21:09 - 2013-05-12 04:12 - 00770940 ____A C:\Windows\WindowsUpdate.log

2013-04-24 20:59 - 2013-04-26 11:22 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\2013-04-24 iphonejunk

2013-04-20 13:21 - 2013-04-20 13:22 - 00004876 ____A C:\Users\Big Kahuna Signs\Documents\cc_20130420_110833.reg

2013-04-20 01:48 - 2012-08-21 13:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys

2013-04-20 01:47 - 2013-04-20 01:48 - 00000000 ____D C:\Program Files\iTunes

2013-04-20 01:47 - 2013-04-20 01:48 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-04-20 01:47 - 2013-04-20 01:47 - 00000000 ____D C:\Program Files\iPod

2013-04-20 01:45 - 2013-04-20 01:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files\Bonjour

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-04-20 01:32 - 2013-04-20 01:39 - 90130256 ____A (Apple Inc.) C:\Users\Big Kahuna Signs\Downloads\iTunes64Setup.exe

2013-04-16 22:57 - 2013-04-25 21:22 - 00000000 ___RD C:\Users\Big Kahuna Signs\Dropbox

2013-04-16 22:51 - 2013-04-16 22:51 - 03097618 ____A C:\Users\Big Kahuna Signs\Downloads\tshirt_volunteer_back-02.eps

2013-04-16 22:36 - 2013-04-26 11:10 - 00000000 ____D C:\Users\Big Kahuna Signs\AppData\Roaming\Dropbox

2013-04-16 22:31 - 2013-04-16 22:35 - 32746544 ____A (Dropbox, Inc.) C:\Users\Big Kahuna Signs\Downloads\Dropbox 2.0.6.exe

2013-04-14 22:15 - 2013-04-14 22:15 - 00338763 ____A C:\Users\Big Kahuna Signs\Desktop\pronto businedd cards art.eps

==================== One Month Modified Files and Folders =======

2013-05-12 15:15 - 2013-04-24 21:09 - 00770940 ____A C:\Windows\WindowsUpdate.log

2013-05-12 15:14 - 2013-05-12 15:14 - 01875978 ____A (Farbar) C:\Users\Big Kahuna Signs\Downloads\FRST64.exe

2013-05-12 15:14 - 2013-05-12 15:14 - 00000000 ____D C:\FRST

2013-05-12 15:14 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-12 15:14 - 2009-07-14 00:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-12 15:07 - 2013-01-31 23:34 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-12 15:06 - 2013-02-02 00:31 - 00018606 ____A C:\Windows\setupact.log

2013-05-12 15:06 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-12 04:10 - 2009-07-14 01:08 - 00032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-12 03:53 - 2012-09-20 20:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-12 03:49 - 2013-01-31 23:34 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-12 03:43 - 2013-05-12 02:47 - 00000000 ___SD C:\ComboFix

2013-05-12 03:12 - 2013-04-26 11:10 - 00006188 ____A C:\Windows\PFRO.log

2013-05-12 03:11 - 2013-05-12 02:36 - 00000000 ____D C:\Windows\erdnt

2013-05-12 02:48 - 2013-05-12 02:38 - 00000000 ____D C:\Qoobox

2013-05-12 02:36 - 2013-05-12 02:35 - 05068868 ____R (Swearware) C:\Users\Big Kahun Global\Desktop\ComboFix.exe

2013-05-12 01:08 - 2013-04-08 18:20 - 00000378 ____A C:\Windows\Tasks\HPCeeScheduleForBig Kahuna Signs.job

2013-05-11 15:45 - 2013-05-10 23:28 - 00000000 ____D C:\Users\Big Kahun Global\Desktop\mbar

2013-05-11 15:29 - 2013-05-11 15:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-11 15:25 - 2013-05-11 15:25 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Local\Apple Computer

2013-05-11 15:25 - 2013-05-01 14:59 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Roaming\Apple Computer

2013-05-10 23:14 - 2013-05-10 23:13 - 12917756 ____A C:\Users\Big Kahun Global\Downloads\mbar-1.05.0.1001.zip

2013-05-10 23:09 - 2013-02-01 09:47 - 00000000 ____D C:\users\Big Kahun Global

2013-05-10 23:08 - 2013-02-10 23:58 - 00000000 ____D C:\Users\Big Kahun Global\Clipart to add to website

2013-05-10 22:36 - 2013-05-10 22:36 - 00001356 ____A C:\Users\Big Kahun Global\Desktop\RKreport[3]_D_05102013_02d2236.txt

2013-05-10 22:35 - 2013-05-10 22:35 - 00001462 ____A C:\Users\Big Kahun Global\Desktop\RKreport[2]_D_05102013_02d2235.txt

2013-05-10 22:34 - 2013-05-10 22:34 - 00001409 ____A C:\Users\Big Kahun Global\Desktop\RKreport[1]_S_05102013_02d2234.txt

2013-05-10 22:34 - 2013-05-10 22:32 - 00000000 ____D C:\Users\Big Kahun Global\Desktop\RK_Quarantine

2013-05-10 22:31 - 2013-05-10 22:31 - 00816128 ____A C:\Users\Big Kahun Global\Downloads\RogueKiller (1).exe

2013-05-10 22:30 - 2013-05-10 22:30 - 00816128 ____A C:\Users\Big Kahun Global\Downloads\RogueKiller.exe

2013-05-10 22:23 - 2013-05-10 22:23 - 00013216 ____A C:\Users\Big Kahun Global\Desktop\dds.txt

2013-05-10 22:23 - 2013-05-10 22:23 - 00012904 ____A C:\Users\Big Kahun Global\Desktop\attach.txt

2013-05-10 22:17 - 2013-05-10 22:16 - 00688992 ____R (Swearware) C:\Users\Big Kahun Global\Desktop\dds.com

2013-05-10 18:26 - 2010-03-01 21:19 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-05-08 22:19 - 2013-05-08 22:19 - 00012348 ____A C:\AdwCleaner[s1].txt

2013-05-08 22:19 - 2013-05-08 22:18 - 00012189 ____A C:\AdwCleaner[R1].txt

2013-05-08 22:19 - 2010-01-10 19:19 - 00000000 ____D C:\users\Big Kahuna Signs

2013-05-08 22:16 - 2013-05-08 22:16 - 00628743 ____A C:\Users\Big Kahuna Signs\Downloads\adwcleaner.exe

2013-05-08 21:52 - 2013-05-08 21:52 - 00005455 ____A C:\Users\Big Kahuna Signs\Desktop\JRT.txt

2013-05-08 21:44 - 2013-05-08 21:44 - 00000000 ____D C:\Windows\ERUNT

2013-05-08 21:38 - 2013-05-08 21:38 - 00000000 ____D C:\JRT

2013-05-08 21:38 - 2013-05-08 19:04 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\To add to website

2013-05-08 21:35 - 2013-05-08 21:35 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Big Kahuna Signs\Desktop\JRT.exe

2013-05-08 17:50 - 2013-05-06 18:52 - 00212992 __ASH C:\Users\Big Kahuna Signs\Thumbs.db

2013-05-06 19:27 - 2010-09-11 00:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2013-05-06 19:17 - 2013-05-06 19:17 - 00000000 ____D C:\Program Files (x86)\ESET

2013-05-06 19:15 - 2013-05-06 19:15 - 02347384 ____A (ESET) C:\Users\Big Kahuna Signs\Downloads\esetsmartinstaller_enu.exe

2013-05-06 19:15 - 2013-05-06 19:15 - 00002193 ____A C:\Users\Big Kahuna Signs\Desktop\RKreport[2]_D_05062013_02d1915.txt

2013-05-06 19:14 - 2013-05-06 18:54 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\RK_Quarantine

2013-05-06 18:56 - 2013-05-06 18:56 - 00002537 ____A C:\Users\Big Kahuna Signs\Desktop\RKreport[1]_S_05062013_02d1856.txt

2013-05-06 18:54 - 2013-05-06 18:54 - 00816128 ____A C:\Users\Big Kahuna Signs\Downloads\RogueKiller.exe

2013-05-06 18:47 - 2011-12-04 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-06 14:00 - 2013-05-06 14:00 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\30 Golden HInd

2013-05-02 11:44 - 2013-05-06 19:27 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys

2013-05-01 19:34 - 2013-05-06 19:27 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2013-05-01 19:34 - 2013-05-06 19:27 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys

2013-05-01 19:34 - 2011-09-16 08:38 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2013-05-01 19:34 - 2011-01-19 19:04 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2013-05-01 19:34 - 2011-01-19 19:04 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2013-05-01 19:34 - 2011-01-19 19:04 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2013-05-01 19:34 - 2011-01-19 19:04 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2013-05-01 19:33 - 2011-09-16 08:38 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2013-05-01 19:33 - 2011-01-19 19:04 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr

2013-05-01 16:02 - 2013-03-25 18:34 - 00000378 ____A C:\Windows\Tasks\HPCeeScheduleForBig Kahun Global.job

2013-05-01 15:15 - 2013-05-01 15:15 - 00000000 ____D C:\Users\Big Kahun Global\AppData\Local\Apple

2013-04-26 11:22 - 2013-04-24 20:59 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\2013-04-24 iphonejunk

2013-04-26 11:10 - 2013-04-16 22:36 - 00000000 ____D C:\Users\Big Kahuna Signs\AppData\Roaming\Dropbox

2013-04-25 23:18 - 2013-04-25 22:51 - 338579762 ____A C:\Users\Big Kahuna Signs\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw

2013-04-25 22:43 - 2013-04-25 22:43 - 00000000 ____D C:\Users\Big Kahuna Signs\AppData\Roaming\redsn0w

2013-04-25 22:42 - 2013-04-25 22:42 - 00000000 ____D C:\Users\Big Kahuna Signs\Desktop\redsn0w_win_0.9.6b6

2013-04-25 22:41 - 2013-04-25 22:38 - 11182376 ____A C:\Users\Big Kahuna Signs\Downloads\redsn0w_win_0.9.6b6.zip

2013-04-25 22:40 - 2013-04-25 22:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins

2013-04-25 22:40 - 2013-04-25 22:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions

2013-04-25 22:27 - 2013-04-25 22:27 - 00865576 ____A (SetupManager) C:\Users\Big Kahuna Signs\Desktop\RedSn0w_Setup.exe

2013-04-25 22:18 - 2013-04-25 22:17 - 01460600 ____A C:\Users\Big Kahuna Signs\Desktop\redsn0w_win_0.9.6b6.exe

2013-04-25 21:54 - 2013-04-25 21:53 - 01307696 ____A (Bandoo Media Inc) C:\Users\Big Kahuna Signs\Downloads\iLividSetup-r757-n-bc (1).exe

2013-04-25 21:22 - 2013-04-16 22:57 - 00000000 ___RD C:\Users\Big Kahuna Signs\Dropbox

2013-04-24 21:13 - 2012-06-30 00:06 - 00000000 ____D C:\Users\Big Kahuna Signs\AppData\Roaming\Apple Computer

2013-04-23 23:59 - 2010-09-27 23:27 - 00000000 ____D C:\ProgramData\WinZip

2013-04-20 13:22 - 2013-04-20 13:21 - 00004876 ____A C:\Users\Big Kahuna Signs\Documents\cc_20130420_110833.reg

2013-04-20 01:48 - 2013-04-20 01:47 - 00000000 ____D C:\Program Files\iTunes

2013-04-20 01:48 - 2013-04-20 01:47 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-04-20 01:47 - 2013-04-20 01:47 - 00000000 ____D C:\Program Files\iPod

2013-04-20 01:45 - 2013-04-20 01:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files\Common Files\Apple

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files\Bonjour

2013-04-20 01:44 - 2013-04-20 01:44 - 00000000 ____D C:\Program Files (x86)\Bonjour

2013-04-20 01:39 - 2013-04-20 01:32 - 90130256 ____A (Apple Inc.) C:\Users\Big Kahuna Signs\Downloads\iTunes64Setup.exe

2013-04-16 22:51 - 2013-04-16 22:51 - 03097618 ____A C:\Users\Big Kahuna Signs\Downloads\tshirt_volunteer_back-02.eps

2013-04-16 22:35 - 2013-04-16 22:31 - 32746544 ____A (Dropbox, Inc.) C:\Users\Big Kahuna Signs\Downloads\Dropbox 2.0.6.exe

2013-04-15 15:56 - 2012-08-20 10:10 - 00006392 ____A C:\Windows\System32\PerfStringBackup.TMP

2013-04-14 22:15 - 2013-04-14 22:15 - 00338763 ____A C:\Users\Big Kahuna Signs\Desktop\pronto businedd cards art.eps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=\Device\HarddiskVolume1

description Windows Boot Manager

locale en-US

inherit {globalsettings}

extendedinput Yes

default {current}

resumeobject {f04f848d-78e1-11de-b692-abbf25df600e}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

customactions 0x1000085000001

0x5400000f

custom:5400000f {25912ae5-d605-11de-ba20-b6199edbd847}

Windows Boot Loader

-------------------

identifier {25912ae5-d605-11de-ba20-b6199edbd847}

device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{25912ae6-d605-11de-ba20-b6199edbd847}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {bootloadersettings}

osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{25912ae6-d605-11de-ba20-b6199edbd847}

systemroot \windows

nx OptIn

winpe Yes

Windows Boot Loader

-------------------

identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}

device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}

path \windows\system32\boot\winload.exe

description Microsoft Windows PE 2.0

osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}

systemroot \windows

detecthal Yes

winpe Yes

ems Yes

Windows Boot Loader

-------------------

identifier {current}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale en-US

inherit {bootloadersettings}

recoverysequence {25912ae5-d605-11de-ba20-b6199edbd847}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {f04f848d-78e1-11de-b692-abbf25df600e}

nx OptIn

Resume from Hibernate

---------------------

identifier {f04f848d-78e1-11de-b692-abbf25df600e}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {resumeloadersettings}

filedevice partition=C:

filepath \hiberfil.sys

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=\Device\HarddiskVolume1

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems Yes

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {25912ae6-d605-11de-ba20-b6199edbd847}

description Ramdisk Options

ramdisksdidevice partition=D:

ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options

---------------------

identifier {ramdiskoptions}

description Ramdisk Options

ramdisksdidevice boot

ramdisksdipath \boot\boot.sdi

Last Boot: 2013-05-08 13:54

==================== End Of Log ============================


I don't see anything that could cause 100% CPU usage.

Run the uninstaller for ComboFix:

http://download.blee...s/CF_UNINST.EXE

Then......run TDSSKiller (it can be run in safe mode if needed)

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
