Jump to content

I'm infected too

pkmarquez
 Share

Recommended Posts

pkmarquez

pkmarquez

Posted
Posted

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by Phillip at 17:09:29 on 2013-06-09

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4029.2121 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\agent_x64.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe

C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\lxebcoms.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Phillip\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Phillip\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Users\Phillip\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\ProgramData\FLEXnet\Connect\11\agent.exe

C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Users\Phillip\AppData\Local\Apps\2.0\JK89L9LN.HR5\5JH29H1V.ZTW\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

c:\windows\system32\inetsrv\w3wp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

mWinlogon: Userinit = userinit.exe,

BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Akamai NetSession Interface] "C:\Users\Phillip\AppData\Local\Akamai\netsession_win.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Google Update] "C:\Users\Phillip\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [skyDrive] "C:\Users\Phillip\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"

StartupFolder: C:\Users\Phillip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Phillip\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NKVMON~1.LNK - C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{CC007360-8268-45CA-AEE1-B6CF3DC23BB0} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"

x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-11-29 14592]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-12-15 25312]

R2 Agent;Agent;C:\Windows\agent_x64.exe [2012-7-8 102912]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]

R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]

R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-2-11 311184]

R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 701512]

R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]

R2 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-9-1 107856]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2754984]

R2 WebFarmService;Web Farm Controller Service;C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [2011-7-26 15640]

R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-12-15 278528]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-2 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2011-3-31 45736]

S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-7-8 357248]

S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-7-8 62976]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2010-12-15 838136]

S3 BRDriver64;BRDriver64;C:\ProgramData\bitraider\BRDriver64.sys [2013-3-15 74024]

S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-3-15 915736]

S3 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-9-1 124240]

S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-9-1 120144]

S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-9-1 43032]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]

S3 ssudnflt;Remote NDIS Filter Driver;C:\Windows\System32\drivers\ssudnflt.sys [2012-9-28 19520]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-16 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]

.

=============== Created Last 30 ================

.

2013-06-09 18:29:35 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{69C5C488-E687-4C99-B8A9-04B245C6E3D3}\mpengine.dll

2013-06-08 12:03:20 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-04 22:19:38 -------- d-----w- C:\Program Files (x86)\Gazillion Entertainment

2013-06-01 22:40:21 -------- d-----w- C:\Users\Phillip\AppData\Local\WarThunder

2013-06-01 22:40:21 -------- d-----w- C:\ProgramData\WarThunder

2013-06-01 22:36:21 -------- d-----w- C:\Program Files (x86)\War Thunder

2013-05-30 05:10:36 -------- d-----w- C:\Users\Phillip\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

2013-05-30 05:10:27 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4

2013-05-28 22:33:42 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll

2013-05-23 00:28:06 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A2A2B269-C61B-4E34-89B6-23474F55F2CC}\gapaengine.dll

2013-05-14 23:27:03 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-14 23:27:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-14 23:12:40 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

.

==================== Find3M ====================

.

2013-05-15 00:00:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 00:00:02 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 03:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 17:10:26.69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/15/2010 10:32:54 PM

System Uptime: 6/9/2013 1:17:37 PM (4 hours ago)

.

Motherboard: Intel Corporation | | DG43GT

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | PROCESSOR | 2600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 112.651 GiB free.

D: is CDROM (CDFS)

E: is Removable

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_8086&DEV_2E24&SUBSYS_00288086&REV_03\3&11583659&0&18

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_8086&DEV_2E24&SUBSYS_00288086&REV_03\3&11583659&0&18

Service:

.

==== System Restore Points ===================

.

RP328: 6/3/2013 1:13:32 PM - Windows Update

RP329: 6/4/2013 5:20:34 PM - Installed DirectX

RP330: 6/4/2013 5:21:27 PM - Installed DirectX

RP331: 6/4/2013 5:22:29 PM - Installed DirectX

RP332: 6/8/2013 7:02:20 AM - Windows Update

RP333: 6/8/2013 10:37:23 PM - Installed DirectX

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe Acrobat X Standard

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Add to Wish List IE Extension 1.2

Amazon Kindle

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Ai Charger

Bastion

BitRaider Web Client

Boardmaker

Bonjour

CCleaner

Citrix XenApp Web Plugin

CLEAR Connection Manager

Curse Client

D3DX10

Darksiders II

DC Universe Online

DC Universe Online Live

DeepTrawl 3.2

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diablo III

DivX Player

DivX Setup

Dokan Library 0.6.0

Dragon NaturallySpeaking 12

EverQuest II

EVGA Precision 1.8.1

Fallout 2

Fallout 3 - Game of the Year Edition

FastStone Image Viewer 4.6

ffdshow [rev 2527] [2008-12-19]

FloorPlan 3D v11

Fraps (remove only)

Frontline Tactics

FTL: Faster Than Light

GameSpy Arcade

GIMP 2.6.11

Global Agenda

Google Chrome

Hitman: Blood Money

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)

Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)

iCloud

IIS 7.5 Express

IIS URL Rewrite Module 2

iSEEK AnswerWorks English Runtime

iTunes

Java 6 Update 31

Left 4 Dead 2

Legend of Grimrock

Lexmark Printable Web

Lexmark Pro200-S500 Series

Lexmark Toolbar

LightScribe System Software

Magic Online

Majesty Gold HD

Malwarebytes Anti-Malware version 1.75.0.1300

Marvel Heroes

MechWarrior Online

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Access 2010

Microsoft Application Error Reporting

Microsoft ASP.NET MVC 2

Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - VWD Express 2010 Tools

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.1

Microsoft IntelliPoint 8.0

Microsoft IntelliType Pro 8.2

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access 2010

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 (64-bit)

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Management Objects (x64)

Microsoft SQL Server 2008 R2 Native Client

Microsoft SQL Server 2008 R2 RsFx Driver

Microsoft SQL Server 2008 R2 Setup (English)

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Compact 4.0 x64 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Web Developer 2010 Express - ENU

Microsoft Web Deploy 2.0

Microsoft Web Farm Framework Version 2 for IIS 7

Microsoft Web Platform Installer 3.0

Microsoft XNA Framework Redistributable 3.1

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Neat

Neat ADF Scanner 2008 Driver

Neat ADF Scanner Driver

Neat Core Files

Neat Mobile Scanner (Silver) Driver

Neat Mobile Scanner 2008 Driver

Neat Mobile Scanner Driver

NETGEAR WNA3100 wireless USB 2.0 adapter

Nikon View 6

Notepad++

NuGet

NVIDIA 3D Vision Controller Driver 314.22

NVIDIA 3D Vision Driver 314.22

NVIDIA Control Panel 314.22

NVIDIA GeForce Experience 1.1

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 3.10.8

NVIDIA Update Components

OneTouch USB Driver

Orcs Must Die!

Pando Media Booster

PVSonyDll

Quicken 2011

QuickTime

Realtek High Definition Audio Driver

RIFT

Safari

SAMSUNG USB Driver for Mobile Phones

Sanctum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Semper Driver Backup

Send To Neat

Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)

SQL Server 2008 R2 SP1 Common Files

SQL Server 2008 R2 SP1 Database Engine Services

SQL Server 2008 R2 SP1 Database Engine Shared

Sql Server Customer Experience Improvement Program

Star Trek Online

Star Wars: The Old Republic

Steam

System Requirements Lab

System Requirements Lab for Intel

TeamSpeak 3 Client

TeamViewer 7

The Elder Scrolls V: Skyrim

The Logo Creator v5.2

The Lord of the Rings Online™

The Lord of the Rings Online™ v03.07.01.8015

Torchlight

Torchlight II

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client

Ventrilo Client for Windows x64

ViewSonic Windows 7 x64 Signed Files

Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU

VLC media player 2.0.5

War Thunder Launcher 1.0.1.199

WCF RIA Services V1.0 SP1

Web Deployment Tool

Windows Azure AppFabric SDK V1.0

Windows Azure SDK

Windows Azure Tools for Microsoft Visual Studio 2010 1.4

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.20 (32-bit)

Wizard101

World of Tanks

World of Warcraft

World of Warplanes

XCOM: Enemy Unknown

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

6/9/2013 1:20:57 PM, Error: Service Control Manager [7022] - The Web Farm Controller Service service hung on starting.

6/9/2013 1:18:43 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/9/2013 1:18:43 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

6/9/2013 1:18:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.

6/9/2013 1:18:40 PM, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/2/2013 1:13:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.1435.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072f76 Error description: The requested header was not found

.

==== End Of File ===========================

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum. What's your concerns with the computer??

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the
Follow This Topic Button
(at the top right of this page), make sure that the
Receive notification
box is checked and that it is set to
Instantly

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that
.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
pkmarquez

pkmarquez

Posted
  • Author
Posted

Successfully blocked access to a potentially malicious website: It goes on to post Port and IP Adresses. I thought it was seeing my game patchers at first so I disabled malware bytes and all of the sudden I started streaming what sounded like infomerical audio on my headset. It was random junk about child care, money making through flipping houses, etc. I turned on malware protection again and i get the constant popups. Here is the report requested.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Phillip [Admin rights]

Mode : Scan -- Date : 06/09/2013 17:34:23

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] agent_x64.exe -- C:\Windows\agent_x64.exe [-] -> KILLED [TermProc]

[sUSP PATH] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe [7] -> KILLED [TermProc]

[sUSP PATH] CurseClient.exe -- C:\Users\Phillip\AppData\Local\Apps\2.0\JK89L9LN.HR5\5JH29H1V.ZTW\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Run : Nvtmru ("C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat") [-] -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00J7B1 ATA Device +++++

--- User ---

[MBR] 539387aa22a30ce5496cfbc1ccb91009

[bSP] 762e267a84d034bfeda1743a4791ccd2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1aea59b4a0b510a596ff4cc35593b975

[bSP] 5702a56791744d3b8cde2ce39b6fa62c : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

Finished : << RKreport[1]_S_06092013_02d1734.txt >>

RKreport[1]_S_06092013_02d1734.txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites
pkmarquez

pkmarquez

Posted
  • Author
Posted

Here are the logs from the initial pass. It has taken away the constant error messages that were popping up at the bottom right. I am running the 2nd scan now. I have internet as I am able to respond to you on this machine. I have windows firewall everything shows green check marks. I have windows updates and there are some pending and it was willing to start installing. I just don't want to interrupt 2nd scan.

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.11.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Phillip :: PHILLIP-PC [administrator]

6/11/2013 7:02:57 PM

mbar-log-2013-06-11 (19-02-57).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P

Scan options disabled: PUP

Objects scanned: 319887

Time elapsed: 22 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 3

Master Boot Record on Drive #0 (Unknown Rootkit MBR Infection) -> Replace on reboot.

Physical Sector #1953524880 on Drive #0 (Forged physical sector) -> Replace on reboot.

Physical Sector #1953524906 on Drive #0 (Forged physical sector) -> Replace on reboot.

(end)

2nd log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.600000 GHz

Memory total: 4224536576, free: 2177658880

Downloaded database version: v2013.06.11.08

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/11/2013 19:02:50

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\AiCharger.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\scmndisp.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\e1y60x64.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\windrvr6.sys

\SystemRoot\system32\drivers\USBD.SYS

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\dokan.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\System32\Drivers\usbaapl64.sys

\SystemRoot\system32\DRIVERS\ssudbus.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\ssudmdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\WinUsb.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\shell32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\ole32.dll

\Windows\System32\kernel32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\normaliz.dll

\Windows\System32\nsi.dll

\Windows\System32\usp10.dll

\Windows\System32\comdlg32.dll

\Windows\System32\psapi.dll

\Windows\System32\difxapi.dll

\Windows\System32\sechost.dll

\Windows\System32\gdi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\user32.dll

\Windows\System32\urlmon.dll

\Windows\System32\clbcatq.dll

\Windows\System32\iertutil.dll

\Windows\System32\imm32.dll

\Windows\System32\wininet.dll

\Windows\System32\setupapi.dll

\Windows\System32\msctf.dll

\Windows\System32\ws2_32.dll

\Windows\System32\lpk.dll

\Windows\System32\advapi32.dll

\Windows\System32\crypt32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR4

Upper Device Object: 0xfffffa80067c7210

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000a4\

Lower Device Object: 0xfffffa800705f3c0

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xfffffa8006c69640

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000a3\

Lower Device Object: 0xfffffa80046f88f0

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004b5a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xfffffa8004a17060

Lower Device Driver Name: \00000733\

IRP handler 0 of \Driver\atapi points to an unknown module

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR4

Upper Device Object: 0xfffffa80067c7210

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000a4\

Lower Device Object: 0xfffffa800705f3c0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xfffffa8006c69640

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000a3\

Lower Device Object: 0xfffffa80046f88f0

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004b5a060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xfffffa8004a17060

Lower Device Driver Name: \00000733\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004b5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004b59560, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004b5a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a17060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \00000733\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00e0850e0, 0xfffffa8004b5a060, 0xfffffa8005101090

Lower DeviceData: 0xfffff8a013764300, 0xfffffa8004a17060, 0xfffffa8006020650

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

MBR buffers are not equal

MBR is forged! []

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 6BF76BF7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 1953503937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Replacement MBR for a drive 0 found

MBR infection found on drive 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Sectors 1953524880 - 1953524903 --> [Forged physical sectors]

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8006c69640, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800788e320, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006c69640, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80046f88f0, DeviceName: \Device\000000a3\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa80067c7210, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007fc7480, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80067c7210, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800705f3c0, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\

------------ End ----------

Scan finished

Creating System Restore point...

Cleaning up...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.600000 GHz

Memory total: 4224532480, free: 2389467136

Initializing...

------------ Kernel report ------------

06/11/2013 19:51:08

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\AiCharger.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\MpFilter.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\DRIVERS\scmndisp.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\e1y60x64.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\windrvr6.sys

\SystemRoot\system32\drivers\USBD.SYS

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\Drivers\usbaapl64.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\ssudbus.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\ssudmdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\??\C:\Windows\system32\drivers\dokan.sys

\SystemRoot\system32\DRIVERS\NisDrvWFP.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\advapi32.dll

\Windows\System32\msctf.dll

\Windows\System32\ws2_32.dll

\Windows\System32\imagehlp.dll

\Windows\System32\comdlg32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\usp10.dll

\Windows\System32\imm32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\psapi.dll

\Windows\System32\sechost.dll

\Windows\System32\msvcrt.dll

\Windows\System32\wininet.dll

\Windows\System32\setupapi.dll

\Windows\System32\nsi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\normaliz.dll

\Windows\System32\kernel32.dll

\Windows\System32\lpk.dll

\Windows\System32\shell32.dll

\Windows\System32\ole32.dll

\Windows\System32\difxapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\iertutil.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\gdi32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\user32.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\wintrust.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa80068a6060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000090\

Lower Device Object: 0xfffffa8004525060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80068a3430

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008f\

Lower Device Object: 0xfffffa80066db060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004b77410

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-4\

Lower Device Object: 0xfffffa8004a38680

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004b77410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004b78040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004b77410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004a38680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Well Done, lets run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.