
Unknown Infection


I know that I am infected, though MalwareBytes comes back clean, as well as Microsoft Security Essentials. Both are up to date.


Two new processes have appeared, known as "nvvsvc.exe" and "NvXDSync.exe". WinPatrol notified me that a process attempted to add itself to startup, which I promptly denied. I cannot open the file location of either of the two aforementioned processes, or end them. The original file can be identified by many different infections on VirusTotal. DDS logs below.




DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Nathaniel at 11:47:44 on 2013-07-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.2714 [GMT -7:00]
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{1FA5C7DF-0C3A-415E-842F-0D571338B267} : NameServer =
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC} : NameServer =,
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\C4740265359313030243740214531334 : NameServer =,
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\C4740265359313030243740214531334 : DHCPNameServer =
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\C697E6E656 : NameServer =,
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\C697E6E656 : DHCPNameServer =
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\D6162797 : NameServer =,
TCP: Interfaces\{345A2A6B-1B7F-4C46-8419-2B08C86A29FC}\D6162797 : DHCPNameServer =
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Nathaniel\AppData\Roaming\Mozilla\Firefox\Profiles\49y5ybgy.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nathaniel\AppData\Local\Roblox\Versions\version-695ea9f5bdba4fec\NPRobloxProxy.dll
FF - plugin: C:\Users\Nathaniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
============= SERVICES / DRIVERS ===============
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-1-31 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-25 56208]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-1-31 21616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-11-1 283200]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-1-31 98208]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-1-31 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-2-18 378472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-1-31 27760]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-31 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2012-1-31 25688]
S2 0122631371349656mcinstcleanup;McAfee Application Installer Cleanup (0122631371349656);C:\Users\NATHAN~1\AppData\Local\Temp\012263~1.EXE -cleanup -nolog --> C:\Users\NATHAN~1\AppData\Local\Temp\012263~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-1-31 173656]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-11-22 121416]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-31 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Nathaniel\Desktop\games\RealTemp\WinRing0x64.sys [2008-7-26 14544]
=============== Created Last 30 ================
2013-07-02 14:45:18 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D20C1D71-B240-4BAE-9784-BE099020CED2}\mpengine.dll
2013-07-01 00:18:56 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-29 00:55:26 -------- d-----w- C:\Program Files (x86)\osu!
2013-06-29 00:54:22 -------- d-----w- C:\Users\Nathaniel\AppData\Roaming\Downloaded Installations
2013-06-21 01:39:16 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38D964C8-3533-4E2B-A961-1EA8180B7EC7}\gapaengine.dll
2013-06-16 20:45:14 -------- d-----w- C:\Users\Nathaniel\AppData\Roaming\WinPatrol
2013-06-16 20:45:05 -------- d-----w- C:\ProgramData\InstallMate
2013-06-16 20:45:05 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-06-16 20:34:00 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-16 03:36:42 -------- d-----w- C:\Program Files\CCleaner
2013-06-16 03:33:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-16 03:15:55 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-06-16 02:37:33 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F984244-B87D-4DD1-BBDB-A92D8D6F3002}\offreg.dll
2013-06-15 20:22:55 -------- d-----w- C:\Windows\ERUNT
2013-06-15 20:21:48 -------- d-----w- C:\JRT
2013-06-15 15:13:24 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 22:45:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-14 22:45:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-13 23:45:41 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-06-13 23:45:38 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-06-12 23:56:30 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F984244-B87D-4DD1-BBDB-A92D8D6F3002}\mpengine.dll
2013-06-12 11:10:38 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 11:10:37 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-06-07 20:37:59 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-06-07 20:36:51 -------- d-----w- C:\Program Files (x86)\NuGet
2013-06-07 20:32:33 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2013-06-07 20:32:29 -------- d-----w- C:\Program Files (x86)\Windows Kits
2013-06-07 20:31:15 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2013-06-07 20:30:39 -------- d-----w- C:\Windows\SysWow64\1033
2013-06-07 20:30:39 -------- d-----w- C:\Windows\System32\1033
2013-06-07 20:30:30 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-06-07 20:30:30 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-06-07 20:29:39 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-06-07 20:16:57 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-06-07 20:16:56 -------- d-----w- C:\ProgramData\Package Cache
==================== Find3M  ====================
2013-06-16 03:32:49 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-16 03:32:49 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-12 00:34:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 00:34:10 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-31 10:13:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
============= FINISH: 11:49:40.35 ===============
DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2012 5:40:36 PM
System Uptime: 6/30/2013 12:15:43 PM (47 hours ago)
Motherboard: Alienware |  | M11xR3
Processor: Intel® Core i5-2467M CPU @ 1.60GHz | CPU1 | 1601/1333mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 447 GiB total, 199.942 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP100: 6/16/2013 1:31:07 PM - ComboFix created restore point
RP101: 6/19/2013 3:24:48 AM - Windows Update
RP102: 6/22/2013 6:10:37 AM - Windows Update
RP103: 6/26/2013 3:57:08 AM - Windows Update
RP104: 6/28/2013 5:54:30 PM - Installed osu!
RP105: 6/29/2013 7:16:41 AM - Windows Update
RP106: 7/2/2013 7:44:39 AM - Windows Update
==== Installed Programs ======================
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Premiere Pro CS6
Adobe Reader XI
Alienware On-Screen Display
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0
Borderlands 2
Call of Duty: Modern Warfare 3 - Multiplayer
CamStudio OSS Desktop Recorder
Cheat Engine 6.2
DAEMON Tools Pro
Don't Starve
Entity Framework Designer for Visual Studio 2012 - enu
Explorer Suite IV
Garry's Mod
Garry's Mod 13
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life Dedicated Server Update Tool
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Java 7 Update 21
Java 7 Update 7 (64-bit)
Java Auto Updater
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Left 4 Dead 2
Malwarebytes Anti-Malware version
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Help Viewer 2.0
Microsoft IntelliType Pro 8.2
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft XNA Framework Redistributable 4.0
MotioninJoy Gamepad tool 0.7.1001
Mouse Recorder
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
Nexus Mod Manager
NVIDIA 3D Vision Driver 267.21
NVIDIA Control Panel 267.21
NVIDIA Graphics Driver 267.21
NVIDIA HD Audio Driver
NVIDIA Install Application
NVIDIA Optimus 1.0.21
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Paint.NET v3.5.10
PCSX2 - Playstation 2 Emulator
PlanetSide 2 Beta
Portal 2
Portforward Static IP Address 1.0.47
Prerequisites for SSDT 
Project64 1.6
Quake II
Realm of the Mad God
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
ROBLOX Player for Nathaniel
ROBLOX Studio 2013 for Nathaniel
RPG Maker 2000 -  Super Columbine Massacre RPG!
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Shared C Run-time for x64
Skyrim Dawnguard DLC+Update v1.7706-=AviaRa=- 1.7706
Skyrim Online version 1.0
Source Filmmaker
Spiral Knights
Spiral Knights Preview
System Requirements Lab for Intel
Team Fortress 2
Unity Web Player
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Visual Studio 2012 (KB2781514)
WebM Media Foundation Components
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.10 (64-bit)
XChat-WDK (x64)
==== Event Viewer Messages From Past Week ========
6/25/2013 8:17:27 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.
6/25/2013 8:17:27 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
==== End Of File ===========================



Hello TheOneAndOnlyBatman and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller. will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:


***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)



Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.