
PUM.UserWLoad and Trojan.Ransom



My laptop suddenly had shortcuts in USB flash disks before being able to access the files inside the drives. I used ESET Smart Security to scan and it found Win32/Bundpil.A worm in svchost.exe, and I also ran a scan on MBAM and found PUM.UserWLoad and Trojan.Ransom. Are these related to each other and also to the problem I have with removable disks in my laptop? Will I lose any files during the cleaning process?

Thanks.


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.
Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer:   BrowserJavaVersion: 10.25.2

Run by Tong at 21:53:43 on 2013-07-10

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5815.3986 [GMT 8:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\syswow64\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Tong\Local Settings\Apps\F.lux\flux.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Tong\Desktop\vq1edvgr.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyServer = proxy7.upd.edu.ph:8080

uWindows: Load = C:\Users\Tong\LOCALS~1\Temp\ccizyoce.com

mWinlogon: Userinit = userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

uRun: [F.lux] "C:\Users\Tong\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.2

TCP: Interfaces\{97A08229-278A-4097-A545-7CB261F2F2EE}\4505D2C494E4B4F5645314432303 : DHCPNameServer = 192.168.1.2

TCP: Interfaces\{97A08229-278A-4097-A545-7CB261F2F2EE}\D4F62696C65675966496D213733323 : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{FEAFFCE3-C169-4C1A-89B3-83FE659EE8CF} : DHCPNameServer = 192.168.1.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-6-26 283200]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-4-5 166576]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-25 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-25 701512]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2013-6-24 292864]

R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2013-6-26 44624]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2013-6-26 435512]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-25 25928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-25 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-24 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2013-6-26 14544]

.


============= FINISH: 21:54:04.47 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2013 9:12:25 PM
System Uptime: 7/10/2013 9:46:06 PM (0 hours ago)
.
Motherboard: Acer |  | Aspire 4740     
Processor: Intel® Core i5 CPU       M 430  @ 2.27GHz | CPU | 1178/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 132.031 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam Ver:1.1.92.624
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Amnesia - The Dark Descent 
Atheros Driver Installation Program
Broadcom Gigabit NetLink Controller
calibre
CCleaner
DAEMON Tools Pro
Diskeeper 2011
ESET Smart Security
F.lux
Fences Pro
foobar2000 v1.2.8
Frontline Excel Solvers V12.5
Game Booster 3
Garena - League of Legends
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Intel® Processor Graphics
Internet Download Manager
Java 7 Update 25
Java Auto Updater
LAV Filters 0.58.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
MPC-HC 1.6.8
OpenAL
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ReClock
Reus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WinRAR 5.00 beta 6 (64-bit)
WizTree v1.05
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/8/2013 1:37:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
7/7/2013 12:00:44 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR33.
7/10/2013 9:13:52 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/10/2013 9:13:52 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/10/2013 9:13:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/10/2013 9:13:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/10/2013 9:13:36 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/10/2013 9:13:36 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/10/2013 9:03:11 PM, Error: Service Control Manager [7030]  - The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/10/2013 8:54:44 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
7/10/2013 8:46:04 PM, Error: Service Control Manager [7000]  - The ESET Service service failed to start due to the following error:  The system cannot find the file specified.
7/10/2013 8:42:40 PM, Error: Service Control Manager [7030]  - The Eset install launcher (28610) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/10/2013 8:11:06 PM, Error: Service Control Manager [7030]  - The Eset install launcher (5421) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/10/2013 6:03:40 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/10/2013 6:03:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/10/2013 6:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/10/2013 6:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/10/2013 6:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2013 6:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/10/2013 6:03:07 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:07 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/10/2013 6:03:06 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 6:03:06 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 6:03:06 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 6:03:06 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/10/2013 4:31:14 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================


ark.txt

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-10 22:03:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298.09GB
Running: vq1edvgr.exe; Driver: C:\Users\Tong\AppData\Local\Temp\pgloipod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\syswow64\svchost.exe [896:3168]                                                                                               00000000001910e0
---- Processes - GMER 2.1 ----
 
Library  C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\System.dll (*** suspicious ***) @ C:\Users\Tong\Desktop\dds.com [3248]                      0000000010000000
Library  C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\nsExec.dll (*** suspicious ***) @ C:\Users\Tong\Desktop\dds.com [3248]                      0000000002d10000
Library  C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\PEV.DAT (*** suspicious ***) @ C:\Users\Tong\AppData\Local\Temp\nsg568A.tmp\PEV.DAT [1076]  0000000001380000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime                                                          Wed, Jul 10 13, 09:47:43 PM
 
---- EOF - GMER 2.1 ----

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 13-07-09.01 - Tong 07/10/2013  22:28:41.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5815.3603 [GMT 8:00]

Running from: c:\users\Tong\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-10 to 2013-07-10  )))))))))))))))))))))))))))))))

.

.

2013-07-10 14:34 . 2013-07-10 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-10 14:25 . 2013-07-10 14:25 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A6461-5FFB-48DE-9019-1BA9C4D16C58}\offreg.dll

2013-07-10 13:43 . 2013-07-10 13:43 -------- d-----w- c:\program files\ESET

2013-07-10 12:30 . 2013-07-10 12:30 52865 ----a-w- c:\windows\SysWow64\epfwdata.bin

2013-07-10 00:50 . 2013-07-10 00:50 -------- d-----w- C:\MSI

2013-07-08 11:19 . 2013-07-08 11:19 -------- d-----w- c:\program files (x86)\Calibre2

2013-07-06 05:42 . 2013-07-06 05:42 -------- d-----w- c:\programdata\Yahoo! Companion

2013-07-06 05:42 . 2013-07-06 05:42 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-06 05:42 . 2013-07-06 05:42 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-06 05:42 . 2013-07-06 05:42 -------- d-----w- c:\windows\SysWow64\Macromed

2013-07-06 05:41 . 2013-07-06 05:42 -------- d-----w- c:\programdata\Yahoo!

2013-07-06 05:27 . 2013-07-06 05:42 -------- d-----w- c:\program files (x86)\Yahoo!

2013-07-04 16:15 . 2013-07-04 16:22 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent

2013-07-03 10:36 . 2010-02-04 02:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll

2013-07-03 10:36 . 2010-02-04 02:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll

2013-07-03 10:36 . 2010-02-04 02:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll

2013-07-03 10:36 . 2010-02-04 02:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll

2013-07-03 10:35 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2013-07-02 13:38 . 2013-07-03 10:34 -------- d-----w- C:\GOG Games

2013-07-02 13:29 . 2013-07-02 13:29 -------- d-----w- c:\programdata\2DBoy

2013-07-02 13:29 . 2013-07-02 13:29 -------- d-----w- c:\program files (x86)\WorldOfGoo

2013-06-29 11:16 . 2013-06-29 17:27 -------- d-----w- c:\program files (x86)\GarenaLoLPH

2013-06-28 18:28 . 2013-06-28 18:31 -------- d-----w- c:\program files (x86)\WizTree

2013-06-28 13:27 . 2013-06-30 05:01 -------- d-----w- c:\program files (x86)\Garena Plus

2013-06-28 13:27 . 2013-07-10 12:25 -------- d-----w- c:\programdata\GarenaMessenger

2013-06-28 10:20 . 2013-06-28 13:03 -------- d-----w- C:\Diskeeper

2013-06-27 15:27 . 2013-06-27 15:27 -------- d-----w- c:\program files (x86)\Frontline Systems

2013-06-27 15:24 . 2013-06-27 15:24 -------- d-----w- c:\programdata\Reprise

2013-06-27 15:24 . 2013-06-27 15:25 -------- d-----w- c:\programdata\Frontline Systems

2013-06-27 13:57 . 2013-06-27 13:57 -------- dc-h--w- c:\programdata\{3FEE7452-4825-40BC-8A99-94EF27F43EE8}

2013-06-27 13:55 . 2013-06-27 13:55 -------- d-----w- c:\program files\Stardock

2013-06-27 13:55 . 2013-06-27 13:55 -------- d-----w- c:\programdata\Stardock

2013-06-27 12:26 . 2013-06-27 12:29 -------- d-----w- c:\program files (x86)\foobar2000

2013-06-27 11:43 . 2013-06-27 11:43 -------- d-----w- c:\program files (x86)\ReClock

2013-06-27 09:45 . 2013-06-27 09:45 -------- d-----w- c:\program files (x86)\LAV Filters

2013-06-27 09:31 . 2013-06-27 09:31 -------- d-----w- c:\program files (x86)\MPC-HC

2013-06-26 14:43 . 2013-06-26 14:43 -------- d-----w- c:\program files\Microsoft Games

2013-06-26 14:22 . 2009-02-02 10:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll

2013-06-26 14:21 . 2009-09-02 01:58 225280 ----a-w- c:\windows\SysWow64\drivers\RtsUStor.sys

2013-06-26 14:21 . 2013-06-26 14:26 -------- d-----w- c:\program files (x86)\Realtek

2013-06-26 12:48 . 2013-06-26 12:48 -------- d-----w- c:\windows\AutoKMS

2013-06-26 12:44 . 2013-05-23 04:26 435512 ----a-w- c:\windows\system32\drivers\k57nd60a.sys

2013-06-26 12:37 . 2013-06-26 12:37 -------- d-----w- c:\programdata\IObit

2013-06-26 12:37 . 2013-06-26 12:37 -------- d-----w- c:\program files (x86)\IObit

2013-06-26 12:20 . 2013-06-26 12:20 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\windows\PCHEALTH

2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2013-06-26 12:19 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2013-06-26 12:17 . 2013-06-26 12:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2013-06-26 12:16 . 2013-06-26 12:16 -------- d-----w- c:\program files\Microsoft Office

2013-06-26 12:16 . 2013-06-26 12:16 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2013-06-26 12:15 . 2013-06-26 12:25 -------- d-----w- c:\programdata\Microsoft Help

2013-06-26 12:14 . 2013-06-26 12:14 -------- d-----r- C:\MSOCache

2013-06-26 12:02 . 2013-06-26 12:02 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-06-26 12:02 . 2013-06-26 12:05 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro

2013-06-26 12:01 . 2013-01-30 09:47 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2013-06-26 12:01 . 2013-01-30 09:47 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2013-06-26 12:01 . 2013-01-30 09:47 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2013-06-26 12:01 . 2013-01-30 09:47 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2013-06-26 12:00 . 2013-06-26 12:12 -------- d-----w- c:\programdata\DAEMON Tools Pro

2013-06-25 16:24 . 2013-06-25 16:24 -------- dc----w- c:\windows\system32\DRVSTORE

2013-06-25 16:24 . 2011-02-13 18:04 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys

2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation

2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\programdata\Diskeeper Corporation

2013-06-25 16:24 . 2013-06-25 16:24 -------- d-----w- c:\program files\Diskeeper Corporation

2013-06-25 15:48 . 2013-06-25 15:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-06-25 15:43 . 2013-06-16 18:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A01A6461-5FFB-48DE-9019-1BA9C4D16C58}\mpengine.dll

2013-06-25 15:21 . 2013-02-22 06:15 599040 ----a-w- c:\windows\system32\vbscript.dll

2013-06-25 15:21 . 2013-02-22 06:15 816640 ----a-w- c:\windows\system32\jscript.dll

2013-06-25 15:21 . 2013-02-22 06:13 2147840 ----a-w- c:\windows\system32\iertutil.dll

2013-06-25 15:21 . 2013-02-22 06:22 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2013-06-25 15:21 . 2013-02-22 06:21 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2013-06-25 15:21 . 2013-02-22 03:39 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2013-06-25 15:21 . 2013-02-22 03:38 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll

2013-06-25 15:21 . 2013-02-22 06:57 17817088 ----a-w- c:\windows\system32\mshtml.dll

2013-06-25 15:21 . 2013-02-22 06:29 10925568 ----a-w- c:\windows\system32\ieframe.dll

2013-06-25 14:35 . 2013-06-25 14:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-06-25 14:35 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-25 14:02 . 2013-06-25 14:02 -------- d-----w- c:\windows\system32\SPReview

2013-06-25 14:02 . 2013-06-25 14:02 -------- d-----w- c:\windows\system32\EventProviders

2013-06-25 13:59 . 2013-06-02 09:11 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-06-25 13:57 . 2010-11-20 13:27 1219584 ----a-w- c:\windows\system32\rpcrt4.dll

2013-06-25 13:56 . 2010-11-20 13:27 1363968 ----a-w- c:\windows\system32\wdc.dll

2013-06-25 13:55 . 2010-11-20 13:26 623104 ----a-w- c:\windows\system32\FXSAPI.dll

2013-06-25 13:53 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2013-06-25 13:53 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2013-06-25 13:53 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2013-06-25 13:40 . 2013-06-25 13:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-06-25 13:24 . 2013-06-25 13:24 -------- d-----w- c:\programdata\IDM

2013-06-25 13:23 . 2013-06-25 13:24 -------- d-----w- c:\program files (x86)\Internet Download Manager

2013-06-25 13:17 . 2013-06-26 12:19 -------- d-----w- c:\program files (x86)\Microsoft.NET

2013-06-25 04:44 . 2013-06-26 12:03 -------- d-----w- c:\windows\Panther

2013-06-24 17:44 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2013-06-24 16:56 . 2013-06-25 16:37 -------- d-----w- c:\program files\CCleaner

2013-06-24 16:26 . 2013-06-24 16:26 -------- d-----w- c:\programdata\Malwarebytes

2013-06-24 15:20 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2013-06-24 15:20 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2013-06-24 15:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2013-06-24 15:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2013-06-24 15:20 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2013-06-24 15:20 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2013-06-24 15:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-06-24 15:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2013-06-24 15:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2013-06-24 15:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2013-06-24 15:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2013-06-24 15:06 . 2013-06-24 15:06 -------- d-----w- c:\windows\SysWow64\Wat

2013-06-24 15:06 . 2013-06-24 15:06 -------- d-----w- c:\windows\system32\Wat

2013-06-24 14:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-06-24 14:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-06-24 14:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2013-06-24 14:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-06-24 14:53 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-06-24 14:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2013-06-24 14:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-06-24 14:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-06-24 14:52 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-06-24 14:52 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-06-24 14:52 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-06-24 14:52 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-06-24 14:52 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2013-06-24 14:52 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2013-06-24 14:52 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2013-06-24 14:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2013-06-24 14:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-25 14:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2013-06-25 14:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-06-25 3573624]

"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]

"F.lux"="c:\users\Tong\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-06-19 9873200]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

3;3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PGLOIPOD

*Deregistered* - pgloipod

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-24 13:37 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-06 05:42]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 13:21]

.

2013-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 13:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]

"PLFSetI"="c:\windows\PLFSetI.exe" [2013-06-24 200704]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-13 8224800]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyServer = proxy7.upd.edu.ph:8080

IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.2

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-07-10  22:36:38

ComboFix-quarantined-files.txt  2013-07-10 14:36

.

Pre-Run: 141,588,664,320 bytes free

Post-Run: 141,535,150,080 bytes free

.

- - End Of File - - 50E9E4A8A5687DC4CF42D80D3FF148F3

A36C5E4F47E84449FF07ED3517B43A31
This topic is now closed to further replies.