
Malwarebytes causes blue screen



After three minutes, Malwarebytes ends with the blue screen. I ran Chameleon; it started a Malwarebytes quick scan and I still received the blue screen.

I know the computer is infected: I found a WindowsPEx folder with coinutil.dll and macromedia.exe, which caused the CPU to work at 100%. So far nothing has removed these infections. Also, my Device Manager has gone blank.

Updated files

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2

Run by Rich at 16:54:47 on 2013-05-19

.

============== Running Processes ================

.

C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = about:blank

mStart Page = hxxp://websearch.pu-results.info/?pid=708&r=2013/02/27&hid=2859761466&lg=EN&cc=US

mDefault_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9320421AS_5TJ07EJPXXXX5TJ07EJP&ts=1355868230

uProxyOverride = <local>

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - LocalServer32 - <no file>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - c:\program files\ant.com\ie add-on\Download.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.1.22\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: CatcherBHO Class: {9B4DF450-DCC7-4B07-935D-0CD757A64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll

BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - c:\program files\privacysafeguard\PrivacySafeGuard.dll

BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\rich\appdata\roaming\flashgetbho\FlashGetBHO.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\AntToolbar.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - c:\program files\ant.com\ie add-on\AntToolbar.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [Google Update] "c:\users\rich\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "c:\users\rich\appdata\local\akamai\netsession_win.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean

uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\drivermax.exe" -agent

uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\drivermax.exe" -RESTART

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"

mRun: [ADSK DLMSession] c:\program files\common files\autodesk shared\autodesk download manager\DLMSession.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [boxSyncHelper] "c:\program files\box sync\BoxSyncHelper.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [gbrspcontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave

mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe

StartupFolder: c:\users\rich\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rich\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\rich\appdata\roaming\micros~1\windows\startm~1\programs\startup\skype.lnk - c:\users\rich\appdata\roaming\zwindowspex\usft_ext.exe.vbs

StartupFolder: c:\users\rich\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockfree\ObjectDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\boxsyn~1.lnk - c:\program files\box sync\BoxSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm

IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm

IE: Download with &Shareaza - c:\program files\p2p rocket\RazaWebHook.dll/3000

IE: Download with Mipony - c:\program files\mipony\browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - LocalServer32 - <no file>

IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\Download.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - LocalServer32 - <no file>

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{592095A3-B761-4B4A-818D-9EED3DB397FF} : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - LocalServer32 - <no file>

Notify: SDWinLogon - SDWinLogon.dll

AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~1\websea~1\sprote~1.dll c:\progra~1\browse~1\sprote~1.dll

STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\stardock\objectdockfree\ODMenu.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-05-19 19:00:37 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-05-19 05:46:29 -------- d-----w- c:\users\rich\appdata\roaming\Comodo

2013-05-19 03:54:34 281808 ----a-w- C:\7za.dll

2013-05-19 03:54:34 -------- d-----w- C:\themes

2013-05-19 03:54:31 -------- d-----w- C:\cis

2013-05-19 03:54:30 3360976 ----a-w- C:\cmdhtml.dll

2013-05-19 03:54:26 19048144 ----a-w- C:\cmdinstall.exe

2013-05-19 02:19:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-05-19 01:47:58 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-05-19 00:18:29 -------- d-----w- c:\users\rich\appdata\roaming\Uninstaller Tool(Comodo Forums)

2013-05-18 22:12:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-18 22:12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-18 20:11:20 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2013-05-18 18:03:49 -------- d-s---w- c:\programdata\Shared Space

2013-05-18 17:57:53 -------- d-----w- c:\programdata\COMODO

2013-05-18 17:56:52 -------- d-----w- c:\program files\common files\COMODO

2013-05-18 17:56:34 -------- d-----w- c:\programdata\Comodo Downloader

2013-05-17 03:18:05 -------- d-----w- c:\program files\Innovative Solutions

2013-05-16 21:20:13 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-05-16 14:48:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-16 14:48:21 37376 ----a-w- c:\windows\system32\cdd.dll

2013-05-16 13:23:08 -------- d-----w- c:\users\rich\appdata\roaming\ZWindowsPEx

2013-05-16 13:23:01 611833 ----a-w- c:\users\rich\appdata\roaming\temp1.exe

2013-05-16 07:02:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 00:15:00 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 23:33:05 47368 ----a-w- c:\windows\system32\certsentry.dll

2013-05-15 19:39:41 -------- d-----w- c:\users\rich\appdata\local\Comodo

2013-05-15 19:39:07 -------- d-----w- c:\program files\Comodo

2013-05-15 00:44:31 -------- d-----w- c:\program files\Microsoft Synchronization Services

2013-05-15 00:42:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2013-05-15 00:40:20 -------- d-----w- c:\program files\Microsoft Analysis Services

2013-05-14 01:31:54 761 ----a-w- c:\users\rich\appdata\roaming\Rich3SQLite3.dll

2013-05-14 01:13:12 -------- d-----w- c:\windows\system32\install

2013-05-14 00:54:52 -------- d-----w- c:\program files\Office Key Remover

2013-05-13 21:06:34 -------- d-----w- c:\programdata\StarApp

2013-05-13 21:06:20 -------- d-----w- c:\programdata\ccontineuetoSSaave

2013-05-13 21:05:00 -------- d-----w- c:\programdata\InstallMate

2013-05-11 05:49:33 350368 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symtdiv.sys

2013-05-11 05:49:32 934488 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symefa.sys

2013-05-11 05:49:32 338592 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symnets.sys

2013-05-11 05:49:32 21400 ----a-r- c:\windows\system32\drivers\n360\1403010.016\symelam.sys

2013-05-11 05:49:31 602712 ----a-w- c:\windows\system32\drivers\n360\1403010.016\srtsp.sys

2013-05-11 05:49:31 367704 ----a-w- c:\windows\system32\drivers\n360\1403010.016\symds.sys

2013-05-11 05:49:31 32344 ----a-w- c:\windows\system32\drivers\n360\1403010.016\srtspx.sys

2013-05-11 05:49:30 175264 ----a-w- c:\windows\system32\drivers\n360\1403010.016\ironx86.sys

2013-05-11 05:49:30 134304 ----a-w- c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys

2013-05-11 05:48:49 -------- d-----w- c:\windows\system32\drivers\n360\1403010.016

2013-05-11 05:25:58 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-05-11 05:25:58 -------- d-----w- c:\program files\Symantec

2013-05-11 05:25:58 -------- d-----w- c:\program files\common files\Symantec Shared

2013-05-11 05:21:59 -------- d-----w- c:\windows\system32\drivers\N360

2013-05-11 05:21:54 -------- d-----w- c:\program files\Norton 360

2013-05-11 03:53:58 -------- d-----w- c:\programdata\PCSettings

2013-05-11 03:32:13 -------- d-----w- c:\programdata\Norton

2013-05-11 03:32:04 -------- d-----w- c:\programdata\NortonInstaller

2013-05-11 03:32:04 -------- d-----w- c:\program files\NortonInstaller

2013-05-10 23:47:10 106928 ----a-w- c:\windows\system32\temp.017

2013-05-10 21:29:57 106928 ----a-w- c:\windows\system32\temp.016

2013-05-10 18:27:57 106928 ----a-w- c:\windows\system32\temp.015

2013-05-07 19:01:57 -------- d-----w- c:\program files\SlimDrivers

2013-05-04 20:47:04 -------- d-----w- c:\users\rich\{0031027a-ce5a-40de-9618-0aff33124469}

2013-05-04 20:31:44 85064 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-05-04 20:31:44 662600 ----a-w- c:\windows\system32\drivers\Rt630x86.sys

2013-05-03 20:45:48 13382056 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-05-03 20:45:46 6276504 ----a-w- c:\windows\system32\nvopencl.dll

2013-05-03 20:45:45 21088032 ----a-w- c:\windows\system32\nvoglv32.dll

2013-05-03 20:45:34 2749216 ----a-w- c:\windows\system32\nvcuvid.dll

2013-05-03 20:45:34 1999136 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-05-03 20:45:33 7820504 ----a-w- c:\windows\system32\nvcuda.dll

2013-05-03 20:45:09 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-05-03 20:11:53 893728 ----a-w- c:\windows\system32\nvdispgenco3232000.dll

2013-05-03 20:11:53 1024288 ----a-w- c:\windows\system32\nvdispco3232000.dll

2013-04-30 20:57:45 -------- d-----w- c:\users\rich\appdata\local\Dekisoft

2013-04-30 20:47:13 15968 ----a-w- c:\windows\system32\drivers\amdkmafd.sys

2013-04-30 20:38:02 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll

2013-04-30 20:38:02 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll

2013-04-28 05:20:00 -------- d-----w- c:\users\rich\appdata\local\calibre-cache

2013-04-28 04:53:36 -------- d-----w- c:\users\rich\appdata\roaming\.Epubor

2013-04-28 04:44:40 -------- d-----w- c:\programdata\AVS4YOU

2013-04-28 04:43:08 24576 ----a-w- c:\windows\system32\msxml3a.dll

2013-04-28 04:43:08 -------- d-----w- c:\program files\common files\AVSMedia

2013-04-28 04:43:07 -------- d-----w- c:\program files\AVS4YOU

2013-04-24 20:10:18 -------- d-----w- c:\users\rich\appdata\local\Utherverse_Digital_Inc

2013-04-23 19:04:12 348048 ----a-w- c:\windows\system32\guard32.dll

2013-04-21 01:31:01 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

2013-04-20 22:25:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-05-15 18:34:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 18:34:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-19 10:18:58 9037088 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys.old

2013-04-19 10:18:58 2585496 ----a-w- c:\windows\system32\nvapi.dll

2013-04-19 10:18:58 12417464 ----a-w- c:\windows\system32\nvd3dum.dll

2013-04-19 02:23:33 4185888 ----a-w- c:\windows\system32\nvcpl.dll

2013-04-19 02:23:33 3042080 ----a-w- c:\windows\system32\nvsvc.dll

2013-04-19 02:23:30 640288 ----a-w- c:\windows\system32\nvvsvc.exe

2013-04-19 02:23:29 62752 ----a-w- c:\windows\system32\nvshext.dll

2013-04-19 02:23:29 2555168 ----a-w- c:\windows\system32\nvsvcr.dll

2013-04-19 02:23:29 223008 ----a-w- c:\windows\system32\nvmctray.dll

2013-04-15 22:38:48 43216 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2013-04-15 22:38:46 582960 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2013-04-15 22:38:46 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys

2013-04-15 22:38:38 35488 ----a-w- c:\windows\system32\cmdcsr.dll

2013-04-15 22:38:26 40656 ----a-w- c:\windows\system32\cmdkbd32.dll

2013-04-15 22:38:26 276688 ----a-w- c:\windows\system32\cmdvrt32.dll

2013-04-09 08:57:09 1312720 ---h--w- c:\users\rich\appdata\roaming\BlackShadesl.exe

2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-03-27 17:21:35 44424 ----a-w- c:\windows\system32\sbbd.exe

2013-03-27 17:21:35 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe

2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll

2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll

2013-03-06 02:35:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-06 02:35:32 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-03 19:07:52 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-06-09 16:03:40 3486088 ----a-w- c:\program files\common files\ApnToolbarInstaller.exe

2011-06-09 16:03:40 143240 ----a-w- c:\program files\common files\ApnStub.exe

.

============= FINISH: 16:58:06.14 ===============

Attached

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

3D Bridge DS4

3D Shadow by Lokas Software

Ad-Aware Antivirus

Adobe Acrobat XI Pro

Adobe AIR

Adobe Creative Suite 6 Master Collection

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Media Player

Adobe Photoshop CS6

Adobe Reader X (10.1.5)

Adobe Reader XI (11.0.01)

Adobe Shockwave Player 11.6

Adobe Widget Browser

Adobe® Content Viewer

Akamai NetSession Interface

Amazon Kindle

Ant.com IE add-on

Ant.com YouTube Downloader

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Ask Toolbar Updater

Autodesk 3ds Max 2013 32-bit

Autodesk Backburner 2013.0.0

Autodesk DirectConnect 2013 32-bit

Autodesk Download Manager

Autodesk Essential Skills Movies for 3ds Max 2013 32-bit

Autodesk FBX Plug-in 2013.1 - 3ds Max 2013

Autodesk FBX Plug-in 2013.1 - Maya 2013

Autodesk Inventor Server Engine for 3ds Max 2013 32-bit

Autodesk MatchMover 2013 32-bit

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Medium Resolution Image Library 2013

Autodesk Maya 2013 32-bit

Autodesk MotionBuilder 2013 32-bit

Autodesk Mudbox 2013 32-bit

Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 32-bit

Autodesk SketchBook Designer 2013

Autodesk Softimage 2013 32-bit

bl

Bonjour

Box Sync

calibre

CameraHelperMsi

CCleaner

CDisplayEx 1.9.3

COMODO Antivirus

Comodo Dragon

COMODO System Utilities

Composite 2013

DAZ 3D Install Manager 1

DAZ Content Management Service

DAZ Studio 4.5

Decimator DS4

DriverMax 7

Dropbox

Easy GIF Animator 4.9

erLT

Eusing Free Registry Cleaner

Eusing Free Registry Defrag

ffdshow [rev 3154] [2009-12-09]

FileHippo.com Update Checker

FlashGet3.7

GeekBuddy

Genetica 3.5

GIMP 2.8.4

Gimp Themes v1.0

Google Chrome

Google Update Helper

GoZ DS4

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HPDiagnosticAlert

iCloud

IIS 7.5 Express

Imagesynth 2

IrfanView (remove only)

iTunes

Java 7 Update 21

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

Lexmark 2600 Series

Lexmark Fax Solutions

Lexmark Tools for Office

Logitech Unifying Software 2.10

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.75.0.1300

maya 8.5 installer and cracker 64 and 32 bit

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft ASP.NET Web Pages 2

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Outlook Personal Folders Backup

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Compact 4.0 SP1 ENU CTP1

Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft System CLR Types for SQL Server 2012

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Deploy 3.0

Microsoft Web Platform Installer 4.0

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MiPony 2.0.3

Mobile Broadband Generic Drivers

MobileMe Control Panel

Moyea FLV Editor Lite version: 1.1.1.846

Moyea YouTube FLV Downloader version: 3.1.2.26

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Connector Net 6.5.4

Norton 360

NVIDIA Control Panel 320.00

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.11.3

NVIDIA Update Components

ObjectDock Free

Office Key Remover

OGA Notifier 2.0.0048.0

Paint.NET v3.5.10

PANTECH UM175 Driver

PDF Settings CS6

ph

Privacy SafeGuard version 1.1

PxMergeModule

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RichFLV

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SIW 2011 Home Edition

SlimCleaner

SlimComputer

SlimDrivers

Spybot - Search & Destroy

Sql Server Customer Experience Improvement Program

Suites Exclusives Standard 2013 32-bit

SUPERAntiSpyware

swMSM

System Requirements Lab

Turtle for Maya 2013 32-bit

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

USB 2.0 1.3M UVC WebCam

Utherverse 3D Client

VLC media player 2.0.6

Winamp

Winamp Detector Plug-in

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Media Player Firefox Plugin

WinPcap 4.1.1

WinRAR archiver

ZBrush 4R5

.

==== End Of File ===========================

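The log above already contains the lines a responder would pick out first: a Startup-folder shortcut named skype.lnk whose target is a .exe.vbs file under AppData\Roaming\ZWindowsPEx, three DLLs in AppInit_DLLs (loaded into every process that links user32.dll), and a hidden executable in AppData\Roaming. The script below is an added example, not part of this thread and not code from DDS or Malwarebytes; it parses a handful of lines copied from the DDS log above and applies a few persistence heuristics to them. Assumptions of the example: the severity rules are its own, c:\progra~2 is taken to be the 8.3 name of C:\ProgramData (the all-users Startup folder line in the log shows that mapping on this machine), and "review" findings (Google Update and Dropbox autostarting from AppData) are normal for legitimate software and need a human decision, whereas "high" findings are the ones to act on.

```python
"""Triage a DDS-style log for persistence red flags.

Added example (not code from the forum thread or from DDS): it parses the
Run-key, StartupFolder, AppInit_DLLs and file-listing lines of a DDS log and
flags entries that a malware responder would look at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the DDS log posted above (one benign
# system file and one benign Run entry included for contrast).
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\rich\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
StartupFolder: c:\users\rich\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rich\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\rich\appdata\roaming\micros~1\windows\startm~1\programs\startup\skype.lnk - c:\users\rich\appdata\roaming\zwindowspex\usft_ext.exe.vbs
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~1\websea~1\sprote~1.dll c:\progra~1\browse~1\sprote~1.dll
2013-04-09 08:57:09 1312720 ---h--w- c:\users\rich\appdata\roaming\BlackShadesl.exe
2013-05-16 00:15:00 2049024 ----a-w- c:\windows\system32\win32k.sys
"""


@dataclass
class Finding:
    severity: str  # "high" (act on it) or "review" (common for legit software too)
    kind: str
    path: str
    source: str


# Paths a standard user can write to, so persistence here needs no admin rights.
# Heuristic assumption: on this 32-bit Vista/7 log c:\progra~2 is the 8.3 name
# of C:\ProgramData (the all-users Startup folder line shows that mapping).
USER_WRITABLE = re.compile(r"\\(appdata|programdata|progra~2|temp)\\", re.I)
# "name.exe.vbs"-style double extensions: a script dressed up as a program.
DOUBLE_EXT = re.compile(r"\.(exe|dll|com|scr|bat|cmd)\.(vbs|js|wsf|exe|scr|bat|cmd)$", re.I)

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^StartupFolder: (?P<lnk>\S+\.lnk) - (?P<target>.+)$", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>.*)$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>\S{8}) (?P<path>.+)$")


def command_path(cmd: str) -> str:
    """Return the executable path from a Run-value command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|com|vbs|js|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def check_target(path: str, source: str, findings: list[Finding]) -> None:
    if DOUBLE_EXT.search(path):
        findings.append(Finding("high", "double-extension autostart", path, source))
    elif USER_WRITABLE.search(path):
        findings.append(Finding("review", "autostart from user-writable path", path, source))


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            check_target(command_path(m["cmd"]), f"Run: [{m['name']}]", findings)
        elif m := LNK_RE.match(line):
            target = m["target"].strip()
            # 8.3 names are truncated ("stardo~1.lnk"), so compare the part before "~".
            stem = m["lnk"].rsplit("\\", 1)[-1][:-4].split("~")[0].lower()
            # A shortcut whose name appears nowhere in its target path, pointing into
            # a user-writable folder (skype.lnk -> ...\zwindowspex\usft_ext.exe.vbs),
            # is a hijacked startup entry until proven otherwise.
            if stem not in target.lower() and USER_WRITABLE.search(target):
                findings.append(Finding("high", "startup .lnk name/target mismatch", target, m["lnk"]))
            check_target(target, "StartupFolder", findings)
        elif m := APPINIT_RE.match(line):
            # Any AppInit_DLLs value is loaded into every process that links user32.dll.
            for dll in m["dlls"].split():
                findings.append(Finding("high", "AppInit_DLLs injection", dll, "AppInit_DLLs"))
        elif m := FILE_RE.match(line):
            attrs, path = m["attrs"], m["path"]
            # DDS attribute string: 'd' = directory, 'h' = hidden. A hidden
            # non-directory under the profile (BlackShadesl.exe) is worth a look.
            if "h" in attrs and not attrs.startswith("d") and USER_WRITABLE.search(path):
                findings.append(Finding("high", "hidden file in user profile", path, attrs))
    return findings


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:36} {f.path}  ({f.source})")
    print(severity_counts(triage(SAMPLE_LOG)))
```

Run against the sample lines it reports six "high" findings (the skype.lnk mismatch and its .exe.vbs target, the three AppInit_DLLs entries, and the hidden file in AppData\Roaming) and two "review" findings (Google Update and Dropbox, which legitimately autostart from the user profile). To use it on a full DDS.txt, read the file and pass its contents to triage(); the heuristics are deliberately simple, so treat the output as a shortlist for the helper, not a verdict.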

Hello _LEVI_ and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not click in ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

