Sauur Posted July 2, 2013 ID:697746

I've noticed my computer is doing weird things and my e-mail was recently 'hacked' into and sent out a nasty e-mail to people. I don't know if it's some kind of key logger thing or not, but it was pretty awkward. I also get a weird pop-up saying stuff is out of date; I've been screwed by viruses before so I don't click on anything to update. (It's not Windows.) Any help would be appreciated!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Alex at 21:53:49 on 2013-07-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3058.1645 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\alg.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp:\\www.altex.com\
uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Google Update] "c:\users\alex\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [steam] "c:\program files\steam\Steam.exe" -silent
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x5\programs\QFSCHD150.EXE"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D7C22393-3CA8-4985-A846-B50BB2D5EF69} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\ex57hmos.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55818
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\alex\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 7c07e57000000000000000224d501385
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15753
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.023:42:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-5-15 1435984]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-6-1 109728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-20 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 100328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-26 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-6-1 2656536]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-24 22856]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-6-1 41088]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-4-13 67456]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-4-13 161024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2008-10-15 124160]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-1-27 25832]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-6-1 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-6-1 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-1 1343400]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-07-01 23:40:43  7068072  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{0d743444-4c01-4b6a-9ef3-c7dcb46442aa}\mpengine.dll
2013-06-30 23:39:58  7068072  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{97315e72-ab10-438d-9d4e-e0fc0784bc05}\mpengine.dll
2013-06-30 23:39:58  7068072  ------w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-29 03:52:05  --------  d-----w-  c:\users\alex\appdata\roaming\DefendersQuest
2013-06-21 23:41:44  724464  ------w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{2ad79a6d-581d-4280-8d83-d49a086d03f8}\gapaengine.dll
2013-06-18 08:16:55  2706432  ----a-w-  c:\windows\system32\mshtml.tlb
2013-06-18 08:16:54  218112  ----a-w-  c:\program files\internet explorer\sqmapi.dll
2013-06-18 05:24:05  724464  ------w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{46197308-93d7-4013-8d47-3da0c25671e6}\gapaengine.dll
2013-06-18 05:20:01  1505280  ----a-w-  c:\windows\system32\d3d11.dll
2013-06-18 05:19:58  24576  ----a-w-  c:\windows\system32\cryptdlg.dll
2013-06-18 05:19:34  492544  ----a-w-  c:\windows\system32\win32spl.dll
2013-06-18 05:19:28  903168  ----a-w-  c:\windows\system32\certutil.exe
2013-06-18 05:19:27  43008  ----a-w-  c:\windows\system32\certenc.dll
2013-06-18 05:19:27  140288  ----a-w-  c:\windows\system32\cryptsvc.dll
2013-06-18 05:19:27  1160192  ----a-w-  c:\windows\system32\crypt32.dll
2013-06-18 05:19:27  103936  ----a-w-  c:\windows\system32\cryptnet.dll
2013-06-18 05:19:17  1230336  ----a-w-  c:\windows\system32\WindowsCodecs.dll
2013-06-18 05:17:53  3968872  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2013-06-18 05:17:53  3913576  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-06-18 05:17:50  1293672  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2013-06-13 06:18:52  --------  d-----w-  c:\program files\Coupons.com CouponBar
.
==================== Find3M ====================
.
2013-05-17 01:25:57  1767936  ----a-w-  c:\windows\system32\wininet.dll
2013-05-17 01:25:27  2877440  ----a-w-  c:\windows\system32\jscript9.dll
2013-05-17 01:25:26  61440  ----a-w-  c:\windows\system32\iesetup.dll
2013-05-17 01:25:26  109056  ----a-w-  c:\windows\system32\iesysprep.dll
2013-05-17 00:59:51  94112  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2013-05-17 00:59:45  866720  ----a-w-  c:\windows\system32\npDeployJava1.dll
2013-05-17 00:59:45  788896  ----a-w-  c:\windows\system32\deployJava1.dll
2013-05-14 08:40:13  71680  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2013-05-02 15:28:50  238872  ------w-  c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16  474624  ----a-w-  c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15  2176512  ----a-w-  c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29  1211752  ----a-w-  c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40  728424  ----a-w-  c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40  218984  ----a-w-  c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06  2347520  ----a-w-  c:\windows\system32\win32k.sys
2013-04-04 19:50:32  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:54:34.71 ===============

ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/16/2011 2:27:04 PM
System Uptime: 6/20/2013 6:29:07 PM (267 hours ago)
.
Motherboard: Intel Corporation |  | DQ67SW
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | SKTH | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 128.533 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP246: 6/18/2013 12:04:00 AM - Restore Operation
RP247: 6/18/2013 12:21:57 AM - Windows Update
RP248: 6/18/2013 3:01:14 AM - Windows Update
RP249: 6/21/2013 6:40:25 PM - Windows Update
RP250: 6/25/2013 6:40:31 PM - Windows Update
RP251: 6/28/2013 3:00:30 AM - Windows Update
RP252: 7/1/2013 6:39:57 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adventure Tools
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CBLoader
Character Builder
Character Builder Beta
Corel WordPerfect Office - iFilter
Coupon Printer for Windows
Defender's Quest: Valley of the Forgotten
Diablo III Beta
DolbyFiles
Dragon Age: Origins
Dragonsphere
Dungeon Defenders Demo
EA Installer
EA Shared Game Component: Activation
gamelauncher-ps2-live
Google Chrome
Google Earth
Google Update Helper
Gratuitous Space Battles
Gratuitous Space Battles Demo
Guardians Of Graxia Demo
Guild Wars 2
ImagXpress
Intel® Management Engine Components
Intel® Network Connections 16.2.49.0
Intel® Processor Graphics
iTunes
Java 7 Update 21
Java Auto Updater
Java 6 Update 31
League of Legends
Left 4 Dead 2
LogMeIn Hamachi
Magic: The Gathering – Tactics
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
Master of Orion 1 and 2
MechWarrior Online
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Movie Templates - Starter Kit
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NTREGOPT 1.1j
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Path of Exile
PDF Reader Packages
PlanetSide 2
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Sanctum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x86
Sid Meier's Civilization V
Sins of a Solar Empire: Trinity
Skype Click to Call
Skype™ 5.10
Sprint SmartView
Spybot - Search & Destroy
Star Conflict
StarCraft II
Steam
System Requirements Lab for Intel
Transformers: Fall of Cybertron
Ultimate Reference Suite
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for PDF Reader
Ventrilo Client
Warcraft III
Warhammer® 40,000®: Dawn of War® II – Retribution™
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X5
WordPerfect Office X5 - Common
Wordperfect Office X5 - EN
WordPerfect Office X5 - Filters
WordPerfect Office X5 - Graphics
WordPerfect Office X5 - IPM
WordPerfect Office X5 - LegalTools
WordPerfect Office X5 - Migration Manager
WordPerfect Office X5 - Oxford
WordPerfect Office X5 - PerfectExperts EN
WordPerfect Office X5 - PR
WordPerfect Office X5 - QP
WordPerfect Office X5 - Setup Files
WordPerfect Office X5 - Sharepoint
WordPerfect Office X5 - Skins
WordPerfect Office X5 - System EN
WordPerfect Office X5 - Templates
WordPerfect Office X5 - WP
WordPerfect Office X5 - WT
World of Warcraft
XCOM: Enemy Unknown
.
==== End Of File ===========================
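Added example, not part of the thread above and not Malwarebytes' or DDS's own code: a small Python triage pass over the kind of entries the helpers look at first in a DDS log. The sample input is a dozen lines copied from the log in the first post (constructed here as a string, one entry per line). It flags orphaned CLSID hooks, hosts-file overrides, services whose binary DDS could not find (the `[?]` suffix), non-private DNS servers, third-party `extensions.<name>.*` blocks in `user.js`, and a Firefox manual proxy, while applying the caveat a practitioner would want: `network.proxy.http = 127.0.0.1:55818` only matters when `network.proxy.type` is `1`, and in this log it is `0`. The severity labels are this example's own heuristic.

```python
from __future__ import annotations

import ipaddress
import re

# Constructed sample input: entries copied from the DDS log in the post above,
# one per line (the forum extraction had run them together).
SAMPLE_DDS = r"""
uStart Page = about:blank
uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TCP: NameServer = 192.168.0.1
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 55818
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.vrsn - 1.8.10.0
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-20 701512]
"""

PROXY_PREFIX = "FF - prefs.js: network.proxy."
USERJS_RE = re.compile(r"^FF - user\.js: extensions\.([^.]+)\.")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);")   # "R2 Name;Display name;path [date size]"


def triage_dds(text: str) -> list[tuple[str, str]]:
    """Scan DDS pseudo-HJT, Firefox and service lines; return (severity, finding) pairs.

    Severity labels are this example's own heuristic, not anything DDS emits.
    """
    findings: list[tuple[str, str]] = []
    proxy: dict[str, str] = {}
    toolbars: set[str] = set()

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("<orphaned>"):
            # A registered CLSID whose backing file is gone: leftover of a removed
            # add-on, or something that never had a legitimate file behind it.
            findings.append(("medium", f"orphaned hook, no backing file: {line}"))
        elif line.startswith("Hosts:"):
            # DDS prints only non-default hosts entries, so each one deserves a look.
            findings.append(("low", f"hosts file override, confirm it is intended: {line[6:].strip()}"))
        elif line.startswith(PROXY_PREFIX):
            key, _, value = line[len(PROXY_PREFIX):].partition(" - ")
            proxy[key] = value.strip()
        elif (m := USERJS_RE.match(line)):
            toolbars.add(m.group(1))            # extensions.<name>.* block in user.js
        elif (m := SERVICE_RE.match(line)) and line.endswith("[?]"):
            # DDS appends "[?]" when it cannot stat the service binary on disk.
            findings.append(("low", f"service binary missing on disk: {m.group(1)}"))
        elif line.startswith("TCP: NameServer ="):
            ns = line.split("=", 1)[1].strip()
            try:
                if not ipaddress.ip_address(ns).is_private:
                    findings.append(("high", f"DNS server outside private ranges: {ns}"))
            except ValueError:
                findings.append(("medium", f"unparseable NameServer value: {ns!r}"))

    # Firefox only honours a manual proxy when network.proxy.type == 1.
    host = proxy.get("http")
    if host:
        port = proxy.get("http_port", "?")
        if proxy.get("type") == "1":
            findings.append(("high", f"Firefox manual HTTP proxy active: {host}:{port}"))
        else:
            findings.append(("info", f"Firefox proxy {host}:{port} set but network.proxy.type="
                                     f"{proxy.get('type')} (not in use)"))
    for name in sorted(toolbars):
        findings.append(("medium", f"third-party toolbar prefs in user.js: extensions.{name}.*"))
    return findings


if __name__ == "__main__":
    for severity, msg in triage_dds(SAMPLE_DDS):
        print(f"[{severity:6}] {msg}")
```

Run against the sample it reports five findings and nothing at "high": the orphaned URLSearchHook, the hosts entry, the missing McAfee SiteAdvisor binary, the inactive localhost proxy, and the `extensions.delta.*` block. Flip `network.proxy.type` to `1` and the proxy becomes a "high" finding, which is the distinction to check before concluding that browser traffic is being intercepted.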
Psychotic Posted July 2, 2013 ID:697769

Hi there,

my name is Marius and I will be assisting you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Malwarebytes Anti-Rootkit from here: Malwarebytes Anti-Rootkit, and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

- Double click the mbar.zip file to open it, then 'Extract all files'.
- Double click the mbar folder to open it, then double click mbar.exe to start the tool.
- Check for Updates, then Scan your system for malware.
- If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-***.txt. Please attach that to your next reply.
Sauur (Author) Posted July 3, 2013 ID:698095

Yay, I appreciate you being willing to help me. Here is the log. It showed 18 items detected; I have not cleaned them yet.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.100000 GHz
Memory total: 3206029312, free: 1458749440

Downloaded database version: v2013.07.03.02
Initializing...
------------ Kernel report ------------
     07/02/2013 21:26:11
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\drivers\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\drivers\HECI.sys
\SystemRoot\system32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\e1c6232.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\nusb3xhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\pctnullport.sys
\SystemRoot\system32\DRIVERS\RimSerial.sys
\SystemRoot\system32\drivers\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\drivers\nusb3hub.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HI
DCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\ipnat.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\mouhid.sys\??\C:\Users\Alex\AppData\Local\Temp\mbr.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msvcrt.dll\Windows\System32\oleaut32.dll\Windows\System32\user32.dll\Windows\System32\ole32.dll\Windows\System32\rpcrt4.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\iertutil.dll\Windows\System32\shell32.dll\Windows\System32\kernel32.dll\Windows\System32\nsi.dll\Windows\System32\difxapi.dll\Windows\System32\psapi.dll\Windows\System32\Wldap32.dll\Windows\System32\imagehlp.dll\Windows\System32\sechost.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\msctf.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Windows\System32\comdlg32.dll\Windows\System32\normaliz.dll\Windows\System32\urlmon.dll\Windows\System32\ws2_3
2.dll\Windows\System32\shlwapi.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk6\DR6Upper Device Object: 0xffffffff8808eac8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000088\Lower Device Object: 0xffffffff88039ca8Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xffffffff8808f7b8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000087\Lower Device Object: 0xffffffff86e89998Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xffffffff8808f030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000086\Lower Device Object: 0xffffffff8808aca8Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xffffffff88039740Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000085\Lower Device Object: 0xffffffff88085430Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xffffffff88039030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000084\Lower Device Object: 0xffffffff86e8f658Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff87ff33e0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000081\Lower Device 
Object: 0xffffffff87feba48Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff86e48948Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\Lower Device Object: 0xffffffff868d7908Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff86e48948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e48580, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff86e48948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff868d7908, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E76C86CA Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 1024000 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1026048 Numsec = 16384000 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 17410048 Numsec = 959361024 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff87ff33e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff87faca20, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff87ff33e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff87feba48, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff88039030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e8f338, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff88039030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff86e8f658, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xffffffff88039740, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e89678, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff88039740, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff88085430, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xffffffff8808f030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8808fd10, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff8808f030, DeviceName: \Device\Harddisk4\DR4\, DriverName: 
\Driver\Disk\DevicePointer: 0xffffffff8808aca8, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 5, DevicePointer: 0xffffffff8808f7b8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8808e020, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff8808f7b8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff86e89998, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 6, DevicePointer: 0xffffffff8808eac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8808e7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff8808eac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff88039ca8, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\------------ End ----------Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\@" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\bckfg.tmp" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\cfg.ini" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\desktop.ini" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\keywords" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\kwrd.dll" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\lsflt7.ver" is compressed (flags = 1)Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\l\xadqgnnk" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\l\xadqgnnk --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000001.@" is compressed (flags = 1)Infected: 
c:\windows\$ntuninstallkb1907$\4266654012\u\00000001.@ --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000002.@" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000002.@ --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000004.@" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000004.@ --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000000.@" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000000.@ --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000004.@" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000004.@ --> [backdoor.0Access]Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000032.@" is compressed (flags = 1)Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000032.@ --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012 --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\@ --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\bckfg.tmp --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\cfg.ini --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\desktop.ini --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\keywords --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\kwrd.dll --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\lsflt7.ver --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\l --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\4266654012\u --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb1907$\558419937 --> [backdoor.0Access]Scan finished Link to post Share on other sites More sharing options...
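Triage helper for an mbar-log.txt like the one above, added here as an example; it is not part of this thread and not Malwarebytes' own tooling. It pulls every "Infected:" entry out of the log, groups the hits by detection name, collapses the file list to the smallest set of directories that cover all of them (what a cleanup actually has to remove), and flags any root directory that has the same shape the scan above reports: a numeric directory under a fake $NtUninstallKBnnnn$ folder holding an "@" file and "u"/"l" subdirectories. The sample log lines are constructed from the paths in the scan; the regular expressions and function names are this example's own.

```python
"""Parse the "Infected:" lines of a Malwarebytes Anti-Rootkit log and
summarise what they cover.  Added example; not the forum poster's or
Malwarebytes' code.  Runs offline on the constructed sample below.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed from the paths the scan in the thread flagged (subset).
SAMPLE_LOG = r"""
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\l\xadqgnnk --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000001.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000032.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\bckfg.tmp --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\cfg.ini --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\kwrd.dll --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\558419937 --> [backdoor.0Access]
Scan finished
"""

# "Infected: <path> --> [<detection>]" as MBAR prints it.
INFECTED_RE = re.compile(r"^Infected:\s+(?P<path>.+?)\s+-->\s+\[(?P<name>[^\]]+)\]\s*$")
# Fake Windows update-uninstall folder name, e.g. $ntuninstallkb1907$ (case-insensitive).
UNINSTALL_DIR_RE = re.compile(r"^\$ntuninstallkb\d+\$$", re.I)


def parse_infected(log_text):
    """Return (path, detection) tuples in log order, lower-cased, without duplicates."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            entry = (m.group("path").lower(), m.group("name"))
            if entry not in seen:
                seen.add(entry)
                hits.append(entry)
    return hits


def group_by_detection(hits):
    """Map detection name -> list of paths flagged with it."""
    grouped = defaultdict(list)
    for path, name in hits:
        grouped[name].append(path)
    return dict(grouped)


def root_containers(paths):
    """Keep only paths that are not inside another flagged path (shortest first)."""
    roots = []
    for p in sorted({p.rstrip("\\") for p in paths}, key=len):
        if not any(p.startswith(r + "\\") for r in roots):
            roots.append(p)
    return roots


def looks_like_layout_in_log(root, hit_paths):
    """True when root matches the shape the scan above reports: a numeric
    directory under a $NtUninstallKBnnnn$ folder whose flagged children
    include an '@' file and 'u' and 'l' subdirectories."""
    p = PureWindowsPath(root)
    if not (p.name.isdigit() and UNINSTALL_DIR_RE.match(p.parent.name)):
        return False
    children = {PureWindowsPath(h).name for h in hit_paths
                if PureWindowsPath(h).parent == p}
    return "@" in children and {"u", "l"} <= children


def summarize(log_text):
    """Per detection: hit count, covering root directories, roots matching the layout."""
    summary = {}
    for name, paths in group_by_detection(parse_infected(log_text)).items():
        roots = root_containers(paths)
        summary[name] = {
            "hits": len(paths),
            "roots": roots,
            "layout_match": [r for r in roots if looks_like_layout_in_log(r, paths)],
        }
    return summary


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(f"{name}: {info['hits']} hit(s) under {len(info['roots'])} root(s)")
        for r in info["roots"]:
            tag = "  <- same layout as the scan above" if r in info["layout_match"] else ""
            print("  " + r + tag)
```

On the sample the two roots are the 4266654012 directory (which carries the "@"/"u"/"l" layout) and the bare 558419937 directory, for which the log lists no children, so the layout check stays negative; that is the point of keeping the heuristic strict rather than matching on the directory name alone.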
Psychotic Posted July 3, 2013 ID:698161
Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.
When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.
Send the mbar-log.txt along with an update on machine behavior.
Sauur Posted July 3, 2013 Author ID:698169 Share Posted July 3, 2013 Awesome - doesn't look it found anything after the cleanup. PC performance is difficult to judge - its not like it always went into slow mo but I'll mess around with it more tomorrow and see if it does anything bad again. ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Administrative Internet Explorer version: 10.0.9200.16618 Java version: 1.6.0_31 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 3.100000 GHzMemory total: 3206029312, free: 1458749440 Downloaded database version: v2013.07.03.02Initializing...------------ Kernel report ------------ 07/02/2013 21:26:11------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\halmacpi.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\S
ystem32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\vmstorfl.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\drivers\serial.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\system32\drivers\csc.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\drivers\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\drivers\HEC
I.sys\SystemRoot\system32\drivers\serenum.sys\SystemRoot\system32\DRIVERS\e1c6232.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\nusb3xhc.sys\SystemRoot\system32\drivers\USBD.SYS\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\drivers\tpm.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\drivers\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\hamachi.sys\SystemRoot\system32\DRIVERS\pctnullport.sys\SystemRoot\system32\DRIVERS\RimSerial.sys\SystemRoot\system32\drivers\rdpbus.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\NWADIenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda32v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\RTKVHDA.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\drivers\nusb3hub.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\usbscan.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\TSD
DD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\drivers\luafv.sys\??\C:\windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\drivers\ipnat.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\mouhid.sys\??\C:\Users\Alex\AppData\Local\Temp\mbr.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\msvcrt.dll\Windows\System32\oleaut32.dll\Windows\System32\user32.dll\Windows\System32\ole32.dll\Windows\System32\rpcrt4.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\iertutil.dll\Windows\System32\shell32.dll\Windows\System32\kernel32.dll\Windows\System32\nsi.dll\Windows\System32\difxapi.dll\Windows\System32\psapi.dll\Windows\System32\Wldap32.dll\Windows\System32\imagehlp.dll\Windows\System32\sechost.dll\Windows\System32\setupapi.dll\Windows\System32\clbcatq.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\msctf.dll\Windows\System32\imm32.dll\Windows\System32\gdi32.dll\Window
s\System32\comdlg32.dll\Windows\System32\normaliz.dll\Windows\System32\urlmon.dll\Windows\System32\ws2_32.dll\Windows\System32\shlwapi.dll\Windows\System32\devobj.dll\Windows\System32\wintrust.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk6\DR6Upper Device Object: 0xffffffff8808eac8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000088\Lower Device Object: 0xffffffff88039ca8Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xffffffff8808f7b8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000087\Lower Device Object: 0xffffffff86e89998Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xffffffff8808f030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000086\Lower Device Object: 0xffffffff8808aca8Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xffffffff88039740Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000085\Lower Device Object: 0xffffffff88085430Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xffffffff88039030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000084\Lower Device Object: 0xffffffff86e8f658Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 
0xffffffff87ff33e0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000081\Lower Device Object: 0xffffffff87feba48Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff86e48948Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\Lower Device Object: 0xffffffff868d7908Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff86e48948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e48580, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff86e48948, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff868d7908, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E76C86CA Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 1024000 Partition file system is NTFS Partition is bootable Partition 1 type is Other (0x27) Partition is NOT ACTIVE. 
Partition starts at LBA: 1026048 Numsec = 16384000 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 17410048 Numsec = 959361024 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff87ff33e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff87faca20, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff87ff33e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff87feba48, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff88039030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e8f338, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff88039030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff86e8f658, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xffffffff88039740, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff86e89678, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff88039740, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff88085430, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xffffffff8808f030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8808fd10, DeviceName: Unknown, 
DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8808f030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8808aca8, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff8808f7b8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8808e020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8808f7b8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86e89998, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xffffffff8808eac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8808e7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8808eac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88039ca8, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\@" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\bckfg.tmp" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\cfg.ini" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\desktop.ini" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\keywords" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\kwrd.dll" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\lsflt7.ver" is compressed (flags = 1)
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\l\xadqgnnk" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\l\xadqgnnk --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000001.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000001.@ --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000002.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000002.@ --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\00000004.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\00000004.@ --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000000.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000000.@ --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000004.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000004.@ --> [backdoor.0Access]
Read File: File "c:\windows\$ntuninstallkb1907$\4266654012\u\80000032.@" is compressed (flags = 1)
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u\80000032.@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\@ --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\bckfg.tmp --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\cfg.ini --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\desktop.ini --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\keywords --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\kwrd.dll --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\lsflt7.ver --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\4266654012\u --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb1907$\558419937 --> [backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16618
Java version: 1.6.0_31
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.100000 GHz
Memory total: 3206029312, free: 1594179584
Downloaded database version: v2013.07.03.03
Initializing...
------------ Kernel report ------------
07/03/2013 01:37:06
------------ Loaded modules
----------- End -----------
Scan finished
=======================================
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
Psychotic Posted July 3, 2013 ID:698173
We're not finished yet.

Combofix
Combofix should only be run when advised by a team member!
Link
Important - Save the file to your desktop!
Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe
When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.
Sauur Posted July 3, 2013 Author ID:698292
Ran ComboFix, here is the text log.

ComboFix 13-07-02.03 - Alex 07/03/2013 8:29.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3058.2076 [GMT -5:00]
Running from: c:\users\Alex\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\program files\CouponAlert_2pEI
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
Toolbar-10 - (no file)
HKCU-Run-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
SafeBoot-39879880.sys
.
Completion time: 2013-07-03 08:39:58
ComboFix-quarantined-files.txt 2013-07-03 13:39
.
Pre-Run: 133,894,397,952 bytes free
Post-Run: 134,108,311,552 bytes free
.
- - End Of File - - E49B0833D76C34F295D2A39265CFF7F6A36C5E4F47E84449FF07ED3517B43A31
Psychotic Posted July 4, 2013 ID:698674
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is.
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.
Run Malwarebytes' Anti-Malware. Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan. When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected. When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post that log back here.
CFScript.txt
Sauur Posted July 4, 2013 Author ID:698848

Here are the two logs:
And the MBAM one:

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Alex :: ALEX-PC [administrator]
7/4/2013 12:49:49 PM
mbam-log-2013-07-04 (12-49-49).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 526611
Time elapsed: 1 hour(s), 21 minute(s), 56 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
Psychotic Posted July 5, 2013 ID:698988

Looks good! Please go here to run the online scanner from ESET.

Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked.
Click on Advanced Settings and ensure these options are ticked:
  Scan for potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth Technology
Click Scan.
Wait for the scan to finish.
If any threats were found, click the 'List of found threats', then click Export to text file...
Save it to your desktop, then please copy and paste that log as a reply to this topic.
Sauur Posted July 6, 2013 Author ID:699337

Ok here it is:

C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO1.zip Win32/Bagle.gen.zip worm
C:\Users\Alex\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Win32/InstallCore.BD application
C:\Users\Alex\AppData\Roaming\PDF Reader Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\Alex\Downloads\PDFReaderSetup (1).exe a variant of Win32/InstallCore.BF application
C:\Users\Alex\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BF application
C:\Users\Alex\Downloads\setup_vlc.exe a variant of Win32/InstallCore.AF application
C:\Users\Alex\Downloads\utorrent.exe a variant of Win32/Bunndle application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO1.zip Win32/Bagle.gen.zip worm

Just how infected was my computer?
Psychotic Posted July 6, 2013 ID:699399

C:\Users\Alex\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe Win32/InstallCore.BD application
C:\Users\Alex\AppData\Roaming\PDF Reader Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application
C:\Users\Alex\Downloads\PDFReaderSetup (1).exe a variant of Win32/InstallCore.BF application
C:\Users\Alex\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BF application
C:\Users\Alex\Downloads\setup_vlc.exe a variant of Win32/InstallCore.AF application
C:\Users\Alex\Downloads\utorrent.exe a variant of Win32/Bunndle application

These files aren't malware but contain security risks. I would delete them immediately. Your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with AdwCleaner
Please download AdwCleaner to your desktop.
Run adwcleaner.exe.
Hit Delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You'll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck
Please download SecurityCheck: LINK1 LINK2
Save it to your desktop, start it and follow the instructions in the window. After the scan has finished, the log (checkup.txt) will open. Copy its content to your thread.
Sauur Posted July 6, 2013 Author ID:699569

Here is AdwCleaner -
Security Check - Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 31
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Psychotic Posted July 8, 2013 ID:700028

Then your system is all clean! Uninstall our tools.

Please follow these steps in order:

In the case we used Defogger to turn off your CD emulation software: you can start it again and use the Enable button.
In the case we used ComboFix: deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that ComboFix has been removed.
In any case, please download delfix to your desktop. Close all other programs and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process.
If there is still something left, please delete it manually.

Reading Material
How to protect yourself

System Updates
Being up to date is very important. Please be sure to activate automatic updates in your control panel. Windows XP | Windows Vista | Windows 7 | Windows 8

Protection
What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time. Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.

Up to date Software
Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
Secunia Online Software Inspector - Checks if your software has updates available.
Filehippo Update Checker - This tool also scans your computer for outdated software.
Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.

Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.

Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere that is colored or flashing while you are surfing the web. Do not click an OK button on any popping-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that would be installed along with the software you want.
Sauur Posted July 9, 2013 Author ID:700479

SWEET! Thank you for all of your help!
Psychotic Posted July 9, 2013 ID:700527

You're welcome!
LDTate Posted July 10, 2013 ID:701171

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!