ThottiePippen Posted July 30, 2013 ID:708925 Share Posted July 30, 2013 During Setup I get error: "CoCreateInstance failed; code 0x80040154. Class not registered" at the end of setup for creating the following shortcuts: Malwarebytes Anti-Malware.InkMalwarebytes Anti-Malware Help.InkMalwarebytes Anti-Malware Chameleon.InkUninstall Malwarebytes Anti-Malware.Ink DDS Logs:DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2Run by user at 14:21:28 on 2013-07-30.============== Running Processes ===============..============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDuRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"uRun: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"uRun: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startupmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 8.8.8.8 8.8.4.4TCP: Interfaces\{0FCE2BE2-45FB-4516-83C6-44D14CC2BEFD} : DHCPNameServer = 8.8.8.8 8.8.4.4TCP: Interfaces\{219A1298-F063-4891-BCA9-768CA5BAF90B} : DHCPNameServer = 192.168.42.129TCP: Interfaces\{A05B63DF-38FB-4E26-BC09-0DB7A5B3C580} : DHCPNameServer = 192.168.42.129SSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromeCLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dllx64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============..=============== Created Last 30 ================.2013-07-30 00:39:46 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes2013-07-30 00:39:23 -------- d-----w- C:\ProgramData\Malwarebytes2013-07-30 00:39:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-07-30 00:39:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-07-29 18:24:35 -------- d-----w- C:\Users\user\AppData\Roaming\CleanMyPC Software2013-07-29 18:21:52 -------- d-----w- C:\Program Files (x86)\CleanMyPC2013-07-29 18:16:33 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6803ED18-AFBA-41AF-9B3D-78A2E4A014D8}\gapaengine.dll2013-07-29 18:16:26 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D37528BE-B96C-4021-9AA8-98CCF0D67919}\mpengine.dll2013-07-29 18:07:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2013-07-29 18:07:51 -------- d-----w- C:\Program Files\Microsoft Security Client2013-07-29 17:49:59 -------- d-----w- C:\Program Files\Perfect Uninstaller2013-07-28 23:15:53 -------- d-----w- C:\Windows\ehome2013-07-28 22:46:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-28 20:11:10 -------- d-----w- C:\Users\user\AppData\Roaming\Ashampoo2013-07-28 20:03:21 -------- d-----w- C:\Users\user\AppData\Local\ashampoo2013-07-28 20:03:21 -------- d-----w- C:\ProgramData\ashampoo2013-07-28 20:02:21 -------- d-----w- C:\Program Files (x86)\Ashampoo2013-07-28 01:23:41 458584 ----a-w- C:\Windows\System32\drivers\SET3631.tmp2013-07-28 01:23:33 89944 ----a-w- C:\Windows\System32\drivers\SET1D93.tmp2013-07-28 01:23:33 613720 ----a-w- C:\Windows\System32\drivers\SET19BB.tmp2013-07-27 21:29:40 -------- d-----w- C:\Program Files (x86)\CheckPoint2013-07-27 21:29:12 -------- d-----w- C:\ProgramData\CheckPoint2013-07-27 21:23:06 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys2013-07-27 21:05:47 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-27 21:05:47 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll2013-07-27 21:03:07 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6446C2DD-53DD-49E6-9A8B-85DA3F160CA7}\mpengine.dll2013-07-27 21:02:29 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-07-27 21:02:24 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 21:02:24 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL2013-07-27 21:02:24 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll2013-07-27 21:02:24 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll2013-07-27 21:02:24 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 20:58:59 21704 ----a-w- C:\Windows\System32\drivers\easytthr.sys2013-07-27 20:58:59 -------- d-----w- C:\Program Files\Mobile Stream2013-07-27 20:58:51 -------- d-----w- C:\ProgramData\Package Cache2013-07-22 20:47:50 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-07-22 20:47:50 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-07-22 20:47:50 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-07-22 20:47:50 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-07-22 20:47:49 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-07-22 20:47:49 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-07-22 20:47:49 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-07-22 20:47:37 624128 ----a-w- C:\Windows\System32\qedit.dll2013-07-22 20:47:37 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-07-22 20:47:34 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-22 20:47:34 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-22 19:34:03 -------- d-----w- C:\Program Files (x86)\PCSX2 1.0.02013-07-20 22:28:26 -------- dc----w- C:\Users\user\AppData\Local\MigWiz2013-07-15 23:26:34 -------- d-----w- C:\Games.==================== Find3M ====================.2013-07-28 22:46:25 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-28 22:46:25 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-19 01:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys2013-06-19 01:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys2013-06-13 20:34:16 451096 ----a-w- C:\Windows\System32\drivers\vsdatant.sys2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe.============= FINISH: 14:21:55.00 =============== Link to post Share on other sites More sharing options...
ThottiePippen Posted July 30, 2013 Author ID:708933 Share Posted July 30, 2013 I have ran Malwarebytes Anti-Rootkit. My pc wont allow me to upload documents so I have to past my Mbar logs here. ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.405000 GHzMemory total: 4293451776, free: 2454806528 Downloaded database version: v2013.07.30.08Downloaded database version: v2013.07.29.01Initializing...------------ Kernel report ------------ 07/30/2013 14:29:26------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\nvstor.sys\SystemRoot\system32\drivers\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\system32\DRIVERS\klflt.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kltdi.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\vsdatant.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\kneps.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\amdk8.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\1394ohci.sys\SystemRoot\system32\DRIVERS\VSTBS26.SYS\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\VSTDPV6.SYS\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\nvm62x64.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\klkbdflt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\mcdbus.sys\SystemRoot\system32\DRIVERS\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\HdAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\MijXfilt.sys\SystemRoot\system32\DRIVERS\xusb21.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\WinUsb.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\lpk.dll\Windows\System32\nsi.dll\Windows\System32\oleaut32.dll\Windows\System32\usp10.dll\Windows\System32\shlwapi.dll\Windows\System32\advapi32.dll\Windows\System32\sechost.dll\Windows\System32\difxapi.dll\Windows\System32\psapi.dll\Windows\System32\wininet.dll\Windows\System32\shell32.dll\Windows\System32\kernel32.dll\Windows\System32\comdlg32.dll\Windows\System32\rpcrt4.dll\Windows\System32\user32.dll\Windows\System32\msctf.dll\Windows\System32\imagehlp.dll\Windows\System32\gdi32.dll\Windows\System32\iertutil.dll\Windows\System32\imm32.dll\Windows\System32\normaliz.dll\Windows\System32\clbcatq.dll\Windows\System32\Wldap32.dll\Windows\System32\urlmon.dll\Windows\System32\setupapi.dll\Windows\System32\ws2_32.dll\Windows\System32\msvcrt.dll\Windows\System32\ole32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\comctl32.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk7\DR13Upper Device Object: 0xfffffa8003f3f3c0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\000000a8\Lower Device Object: 0xfffffa8003f94060Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk6\DR12Upper Device Object: 0xfffffa80049c9790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\000000a7\Lower Device Object: 0xfffffa8004985060Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xfffffa8006086790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000080\Lower Device Object: 0xfffffa8006019b60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xfffffa8006081060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007f\Lower Device Object: 0xfffffa800606bb60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xfffffa8006083790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007e\Lower Device Object: 0xfffffa8005ff7060Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa800607e790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000007d\Lower Device Object: 0xfffffa8005fed550Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8005e9e060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000075\Lower Device Object: 0xfffffa8005e9ab60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa80043e3060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000059\Lower Device Object: 0xfffffa800426e550Lower Device Driver Name: \Driver\nvstor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80043e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80043e3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80043e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80042a1e40, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa800426e550, DeviceName: \Device\00000059\, DriverName: \Driver\nvstor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8000000 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 488069120 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 249998918144 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488259137-488279137)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8005e9e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8005e9eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005e9e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005e9ab60, DeviceName: \Device\00000075\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1C231B8D Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 1504 Numsec = 3889696 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1992294400 bytesSector size: 512 bytes Done!Physical Sector Size: 0Drive: 2, DevicePointer: 0xfffffa800607e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006080040, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800607e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005fed550, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xfffffa8006083790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006082040, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006083790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005ff7060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xfffffa8006081060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80060832c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006081060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800606bb60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 5, DevicePointer: 0xfffffa8006086790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006082690, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006086790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006019b60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 512Drive: 6, DevicePointer: 0xfffffa80049c9790, DeviceName: \Device\Harddisk6\DR12\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004a21700, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80049c9790, DeviceName: \Device\Harddisk6\DR12\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004985060, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk6\DR12\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 6Scanning MBR on drive 6...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8603435008 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 7, DevicePointer: 0xfffffa8003f3f3c0, DeviceName: \Device\Harddisk7\DR13\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800576cac0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8003f3f3c0, DeviceName: \Device\Harddisk7\DR13\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8003f94060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk7\DR13\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 7Scanning MBR on drive 7...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 31114240 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 15931539456 bytesSector size: 512 bytes Done!Infected: c:\Users\user\AppData\Local\Temp\aeuwonpn.dll --> [Trojan.MSIL.Inject]Infected: c:\Users\user\AppData\Local\Temp\pmd9vklq.dll --> [Trojan.MSIL.Inject]Infected: c:\Users\user\AppData\Local\Temp\atqq_4yx.dll --> [Trojan.MSIL.Inject]Infected: c:\Users\user\AppData\Roaming\dclogs\2013-04-23-3.dc --> [stolen.Data]Infected: c:\Users\user\AppData\Roaming\dclogs --> [stolen.Data]Infected: c:\Users\user\AppData\Local\Temp\AppLaunch\msnmsgr.exe --> [Trojan.Agent]Infected: HKCU\SOFTWARE\DC3_FEXEC --> [Malware.Trace]Scan finishedCreating System Restore point...Could not create restore point...Cleaning up...Removal scheduling successful. System shutdown needed.System shutdown occurred======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_7_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_7_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_7_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 2.405000 GHzMemory total: 4293451776, free: 2311356416 Initializing...------------ Kernel report ------------ 07/30/2013 14:45:46------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\DRIVERS\kl1.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\nvstor.sys\SystemRoot\system32\drivers\storport.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\klif.sys\SystemRoot\system32\DRIVERS\klflt.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\kltdi.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\vsdatant.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\klim6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\kneps.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\easytthr.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\amdk8.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\1394ohci.sys\SystemRoot\system32\DRIVERS\VSTBS26.SYS\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\VSTDPV6.SYS\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\nvm62x64.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\klkbdflt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\mcdbus.sys\SystemRoot\system32\DRIVERS\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\HdAudio.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvstor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\klmouflt.sys\SystemRoot\system32\DRIVERS\MijXfilt.sys\SystemRoot\system32\DRIVERS\xusb21.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\WinUsb.sys\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\NisDrvWFP.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\SystemRoot\system32\drivers\spsys.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\lpk.dll\Windows\System32\wininet.dll\Windows\System32\kernel32.dll\Windows\System32\psapi.dll\Windows\System32\ws2_32.dll\Windows\System32\advapi32.dll\Windows\System32\urlmon.dll\Windows\System32\clbcatq.dll\Windows\System32\normaliz.dll\Windows\System32\user32.dll\Windows\System32\gdi32.dll\Windows\System32\rpcrt4.dll\Windows\System32\imagehlp.dll\Windows\System32\msctf.dll\Windows\System32\shell32.dll\Windows\System32\shlwapi.dll\Windows\System32\msvcrt.dll\Windows\System32\imm32.dll\Windows\System32\Wldap32.dll\Windows\System32\iertutil.dll\Windows\System32\setupapi.dll\Windows\System32\oleaut32.dll\Windows\System32\comdlg32.dll\Windows\System32\sechost.dll\Windows\System32\difxapi.dll\Windows\System32\nsi.dll\Windows\System32\ole32.dll\Windows\System32\usp10.dll\Windows\System32\wintrust.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\crypt32.dll\Windows\System32\comctl32.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\KernelBase.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk7\DR7Upper Device Object: 0xfffffa800610d060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000087\Lower Device Object: 0xfffffa8006089060Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk6\DR6Upper Device Object: 0xfffffa8006109060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000086\Lower Device Object: 0xfffffa8006103760Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk5\DR5Upper Device Object: 0xfffffa8006108060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000085\Lower Device Object: 0xfffffa8006091b60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk4\DR4Upper Device Object: 0xfffffa800610a790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000084\Lower Device Object: 0xfffffa8006085950Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk3\DR3Upper Device Object: 0xfffffa8005ffa060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000081\Lower Device Object: 0xfffffa8005fee660Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk2\DR2Upper Device Object: 0xfffffa8006014790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000080\Lower Device Object: 0xfffffa8005feeb60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa8005d54790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000074\Lower Device Object: 0xfffffa8005b63b60Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004403060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000059\Lower Device Object: 0xfffffa8004241060Lower Device Driver Name: \Driver\nvstor\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004403060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004403b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004403060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa80042b9a60, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8004241060, DeviceName: \Device\00000059\, DriverName: \Driver\nvstor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 8000000 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 488069120 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 249998918144 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488259137-488279137)...Done!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa8005d54790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8005b6ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005d54790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005b63b60, DeviceName: \Device\00000074\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1C231B8D Partition information: Partition 0 type is Other (0x6) Partition is NOT ACTIVE. Partition starts at LBA: 1504 Numsec = 3889696 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1992294400 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 2, DevicePointer: 0xfffffa8006014790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800600ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006014790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005feeb60, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8603435008 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 3, DevicePointer: 0xfffffa8005ffa060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800600db90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8005ffa060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8005fee660, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 3Scanning MBR on drive 3...Inspecting partition table:MBR Signature: 55AADisk Signature: 0 Partition information: Partition 0 type is Other (0xc) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 31114240 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 15931539456 bytesSector size: 512 bytes Done!Physical Sector Size: 0Drive: 4, DevicePointer: 0xfffffa800610a790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006107970, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800610a790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006085950, DeviceName: \Device\00000084\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 5, DevicePointer: 0xfffffa8006108060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa800610bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006108060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006091b60, DeviceName: \Device\00000085\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 6, DevicePointer: 0xfffffa8006109060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006108b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8006109060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006103760, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\------------ End ----------Physical Sector Size: 0Drive: 7, DevicePointer: 0xfffffa800610d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8006109b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800610d060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006089060, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\------------ End ----------Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_3_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_3_r.mbam...Removal finished Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.org Database version: v2013.07.30.08 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635user :: BUYME [administrator] 7/30/2013 2:29:35 PMmbar-log-2013-07-30 (14-29-35).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 240611Time elapsed: 11 minute(s), 40 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 1HKCU\SOFTWARE\DC3_FEXEC (Malware.Trace) -> Delete on reboot. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 1c:\Users\user\AppData\Roaming\dclogs (Stolen.Data) -> Delete on reboot. Files Detected: 5c:\Users\user\AppData\Local\Temp\aeuwonpn.dll (Trojan.MSIL.Inject) -> Delete on reboot.c:\Users\user\AppData\Local\Temp\pmd9vklq.dll (Trojan.MSIL.Inject) -> Delete on reboot.c:\Users\user\AppData\Local\Temp\atqq_4yx.dll (Trojan.MSIL.Inject) -> Delete on reboot.c:\Users\user\AppData\Roaming\dclogs\2013-04-23-3.dc (Stolen.Data) -> Delete on reboot.c:\Users\user\AppData\Local\Temp\AppLaunch\msnmsgr.exe (Trojan.Agent) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.06.0.1004www.malwarebytes.org Database version: v2013.07.30.08 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635user :: BUYME [administrator] 7/30/2013 2:45:55 PMmbar-log-2013-07-30 (14-45-55).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 240489Time elapsed: 11 minute(s), 53 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
ThottiePippen Posted July 30, 2013 Author ID:708935 Share Posted July 30, 2013 Junkware Removal Tool wouldn't run. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 30, 2013 Author ID:708936 Share Posted July 30, 2013 Here are my Adw Cleaner Logs # AdwCleaner v2.306 - Logfile created 07/30/2013 at 15:08:56# Updated 19/07/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : user - BUYME# Boot Mode : Normal# Running from : C:\Users\user\Downloads\AdwCleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\BabylonDeleted on reboot : C:\ProgramData\Tarma InstallerFile Deleted : C:\ENDFile Deleted : C:\Windows\Tasks\DSite.job ***** [Registry] ***** Key Deleted : HKCU\Software\BabylonToolbarKey Deleted : HKCU\Software\DataMngrKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\PrivitizeVPNInstallDatesKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\StartSearchKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKLM\Software\BabylonKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\Software\DataMngrKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.72 ************************* AdwCleaner[s1].txt - [2025 octets] - [30/07/2013 15:08:56] ########## EOF - C:\AdwCleaner[s1].txt - [2085 octets] ########## Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709058 Share Posted July 31, 2013 Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709063 Share Posted July 31, 2013 I just ran the ESET standalone scanner and it did not find any threats. I cannot run the online scanner because I am using an unsupported browser (Google Chrome). I cannot start Internet Explorer. It opens for a few seconds then it closes. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709067 Share Posted July 31, 2013 Okay, no problem. Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709086 Share Posted July 31, 2013 I cannot Export to text file but this is what ESET scanner found. C:\MGtools\Process.exe Win32/PrcView applicationC:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller applicationC:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\user\Downloads\burrrn_v114_beta2zip.exe a variant of Win32/OpenInstall application Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709088 Share Posted July 31, 2013 None of those are going to cause anything severe. Please proceed and run Combofix. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709090 Share Posted July 31, 2013 This is my Combofix Log ComboFix 13-07-30.05 - user 07/30/2013 23:12:39.1.2 - x64Running from: c:\users\user\Downloads\Malware Removal\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\ammemb.dllc:\windows\Temp\ammemb64.dll..((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 )))))))))))))))))))))))))))))))..2013-07-31 03:18 . 2013-07-31 03:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-07-31 03:18 . 2013-07-31 03:18 -------- d-----w- c:\users\Default\AppData\Local\temp2013-07-30 22:14 . 2013-07-30 22:17 -------- d-----w- C:\MGtools2013-07-30 22:01 . 2013-07-30 22:11 -------- d-----w- c:\programdata\HitmanPro2013-07-30 21:34 . 2013-07-30 21:34 -------- d-----w- c:\program files\CCleaner2013-07-30 19:17 . 2013-07-30 19:17 -------- d-----w- c:\program files (x86)\ESET2013-07-30 19:09 . 2013-07-30 19:09 136 ----a-w- c:\windows\DeleteOnReboot.bat2013-07-30 18:26 . 2013-07-30 18:26 -------- d-----w- c:\program files (x86)\ERUNT2013-07-30 00:39 . 2013-07-30 00:39 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes2013-07-30 00:39 . 2013-07-30 00:39 -------- d-----w- c:\programdata\Malwarebytes2013-07-30 00:39 . 2013-07-30 17:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-07-30 00:39 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-07-29 18:24 . 2013-07-29 18:24 -------- d-----w- c:\users\user\AppData\Roaming\CleanMyPC Software2013-07-29 18:21 . 2013-07-29 18:21 -------- d-----w- c:\program files (x86)\CleanMyPC2013-07-29 18:16 . 2013-07-29 18:16 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6803ED18-AFBA-41AF-9B3D-78A2E4A014D8}\gapaengine.dll2013-07-29 18:16 . 2013-07-02 05:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D37528BE-B96C-4021-9AA8-98CCF0D67919}\mpengine.dll2013-07-29 18:07 . 2013-07-29 18:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client2013-07-29 18:07 . 2013-07-29 18:08 -------- d-----w- c:\program files\Microsoft Security Client2013-07-29 17:49 . 2013-07-29 17:50 -------- d-----w- c:\program files\Perfect Uninstaller2013-07-28 23:15 . 2013-07-28 23:15 -------- d-----w- c:\windows\ehome2013-07-28 23:15 . 2013-07-28 23:15 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs2013-07-28 22:46 . 2013-07-28 22:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-28 22:46 . 2013-07-28 22:46 -------- d-----w- c:\program files (x86)\Java2013-07-28 20:11 . 2013-07-28 20:11 -------- d-----w- c:\users\user\AppData\Roaming\Ashampoo2013-07-28 20:03 . 2013-07-28 20:11 -------- d-----w- c:\users\user\AppData\Local\ashampoo2013-07-28 20:03 . 2013-07-28 20:03 -------- d-----w- c:\programdata\ashampoo2013-07-28 20:02 . 2013-07-28 20:02 -------- d-----w- c:\program files (x86)\Ashampoo2013-07-28 01:23 . 2012-11-16 01:06 458584 ----a-w- c:\windows\system32\drivers\SET3631.tmp2013-07-28 01:23 . 2013-02-21 18:44 89944 ----a-w- c:\windows\system32\drivers\SET1D93.tmp2013-07-28 01:23 . 2013-02-21 18:44 613720 ----a-w- c:\windows\system32\drivers\SET19BB.tmp2013-07-27 21:29 . 2013-07-28 01:23 -------- d-----w- c:\program files (x86)\CheckPoint2013-07-27 21:29 . 2013-07-27 21:29 -------- d-----w- c:\programdata\CheckPoint2013-07-27 21:23 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys2013-07-27 21:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-07-27 21:05 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-07-27 21:03 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6446C2DD-53DD-49E6-9A8B-85DA3F160CA7}\mpengine.dll2013-07-27 21:02 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys2013-07-27 21:02 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-07-27 21:02 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-07-27 21:02 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-07-27 21:02 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 21:02 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 20:58 . 2013-07-27 20:58 -------- d-----w- c:\program files\Mobile Stream2013-07-27 20:58 . 2013-03-11 22:51 21704 ----a-w- c:\windows\system32\drivers\easytthr.sys2013-07-27 20:58 . 2013-07-27 20:58 -------- d-----w- c:\programdata\Package Cache2013-07-22 20:47 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-07-22 20:47 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-07-22 20:47 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-07-22 20:47 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-07-22 20:47 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-07-22 20:47 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-07-22 20:47 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-07-22 20:47 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll2013-07-22 20:47 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll2013-07-22 20:47 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-22 20:47 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-22 19:34 . 2013-07-22 19:34 -------- d-----w- c:\program files (x86)\PCSX2 1.0.02013-07-20 22:28 . 2013-07-30 21:36 -------- dc----w- c:\users\user\AppData\Local\MigWiz2013-07-19 20:03 . 2013-07-19 20:03 -------- d-----w- c:\programdata\Ubisoft2013-07-19 19:25 . 2013-07-19 19:25 -------- d-----w- c:\program files (x86)\Ubisoft2013-07-15 23:26 . 2013-07-16 00:41 -------- d-----w- C:\Games...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-28 22:46 . 2013-02-07 17:00 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-07-28 22:46 . 2013-02-07 17:00 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-24 04:57 . 2013-01-28 01:49 78277128 ----a-w- c:\windows\system32\MRT.exe2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2013-06-13 20:34 . 2013-06-13 20:34 451096 ----a-w- c:\windows\system32\drivers\vsdatant.sys2013-05-13 05:51 . 2013-06-26 18:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 05:51 . 2013-06-26 18:00 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 05:51 . 2013-06-26 18:00 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 05:50 . 2013-06-26 18:00 52224 ----a-w- c:\windows\system32\certenc.dll2013-05-13 04:45 . 2013-06-26 18:00 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-05-13 04:45 . 2013-06-26 18:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-05-13 04:45 . 2013-06-26 18:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-05-13 03:43 . 2013-06-26 18:00 1192448 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08 . 2013-06-26 18:00 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-05-13 03:08 . 2013-06-26 18:00 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-05-08 06:39 . 2013-06-26 18:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-04-24 802136]"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-11-23 1495880]"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2013-03-11 57128]"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2013-07-29 471650].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-6-25 576000].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001.R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-07-28 20:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 14:54].2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 14:54].2013-07-31 c:\windows\Tasks\WpsUpdateTask_user.job- c:\program files (x86)\Kingsoft\Kingsoft Spreadsheets\office6\wpsupdate.exe [2011-11-03 16:00]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 8.8.8.8 8.8.4.4.- - - - ORPHANS REMOVED - - - -.HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,1b,56,56, 77,3e,aa,52,06,e8,92,84,cd,c2,28,50,41"{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,4d,0e,7e, 9a,40,73,fa,0f,d1,09,6e,56,73,7a,a7,cd"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f, e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:10,e2,b7,b1,d5,71,ce,01.[HKEY_USERS\S-1-5-21-1415280773-1473236903-632062529-1000\Software\SecuROM\License information*]"datasecu"=hex:ca,63,7f,f5,9a,07,6f,94,be,97,f6,ac,9c,14,fb,a2,60,1c,67,3d,83, fd,15,86,02,60,45,81,00,44,ba,c2,a2,7e,1f,a0,4a,17,5a,b3,25,9a,41,7c,b8,ec,\"rkeysecu"=hex:61,a0,ee,d7,d3,28,fd,f0,f0,d7,1e,47,02,a1,00,19.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe.**************************************************************************.Completion time: 2013-07-30 23:24:37 - machine was rebootedComboFix-quarantined-files.txt 2013-07-31 03:24.Pre-Run: 105,447,346,176 bytes freePost-Run: 105,329,328,128 bytes free.- - End Of File - - 46A6FB89B39D19291742A4D44A3653D1A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709092 Share Posted July 31, 2013 Please do not use the Registry cleaner from this program CleanMyPC - if it were my own computer I'd fully unistall this un-needed software.Do I need a Windows Registry Cleaner?Please disable your Kaspersky antivirus completely temporarily.Aso disable your uTorrent from loading as well as the Registry Cleaner Scheduler Snake Oil from CleanMyPC (if it hasn't already damaged your PC)[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-04-24 802136]"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-11-23 1495880]"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2013-03-11 57128]"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2013-07-29 471650]Then do the following and once installation of MBAM is done make sure to setup exclusions in Kaspersky as well as enabling it again.MBAM Clean Removal ProcessLet me know how that goesAlso... why are you using Zone Alarm when Kaspersky already has an integrated Firewall ? Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709095 Share Posted July 31, 2013 I attempted to uninstall Kaspersky a few months ago but it always runs at startup. It appears I cannot delete the leftover files. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709096 Share Posted July 31, 2013 Please see the post here for assistance on removing Kaspersky or similar programs. http://forums.malwarebytes.org/index.php?showtopic=127580 Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709100 Share Posted July 31, 2013 MBAM was ran successfully. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709102 Share Posted July 31, 2013 I have tried to use the Kaspersky software removal tool. It did not work. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted July 31, 2013 Root Admin ID:709109 Share Posted July 31, 2013 Click on Vista Start button.Locate the Command Prompt menu item (buried deep inside Accessories under All Programs or appear on program access history).Right click on Command Prompt.On the pop-up right click context menu, select "Run as Administrator"Then in the DOS command prompt type the following and press the Enter key for each one, line by line.You should ket a success message for each one, the exact spelling is important. If not let me know what you get.SC DELETE gupdateSC DELETE gupdatemSC DELETE KLIM6SC DELETE kltdiSC DELETE knepsSC DELETE klkbdfltSC DELETE klmoufltIf you do get a success for all of them then restart the computer and run Combofix one more time and post back the new log. Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709222 Share Posted July 31, 2013 I got a success for all. Heres my Combofix log: ComboFix 13-07-31.02 - user 07/31/2013 9:59.2.2 - x64Running from: c:\users\user\Downloads\Malware Removal\ComboFix.exe * Created a new restore point..((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 )))))))))))))))))))))))))))))))..2013-07-31 14:05 . 2013-07-31 14:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-07-31 14:05 . 2013-07-31 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp2013-07-31 03:42 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8456AE1-930D-40E3-A7CA-442D7966CA21}\mpengine.dll2013-07-30 22:14 . 2013-07-30 22:17 -------- d-----w- C:\MGtools2013-07-30 22:01 . 2013-07-30 22:11 -------- d-----w- c:\programdata\HitmanPro2013-07-30 21:34 . 2013-07-30 21:34 -------- d-----w- c:\program files\CCleaner2013-07-30 19:17 . 2013-07-30 19:17 -------- d-----w- c:\program files (x86)\ESET2013-07-30 19:09 . 2013-07-30 19:09 136 ----a-w- c:\windows\DeleteOnReboot.bat2013-07-30 18:26 . 2013-07-30 18:26 -------- d-----w- c:\program files (x86)\ERUNT2013-07-29 18:24 . 2013-07-29 18:24 -------- d-----w- c:\users\user\AppData\Roaming\CleanMyPC Software2013-07-29 18:21 . 2013-07-29 18:21 -------- d-----w- c:\program files (x86)\CleanMyPC2013-07-29 18:16 . 2013-07-29 18:16 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6803ED18-AFBA-41AF-9B3D-78A2E4A014D8}\gapaengine.dll2013-07-29 18:07 . 2013-07-29 18:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client2013-07-29 18:07 . 2013-07-29 18:08 -------- d-----w- c:\program files\Microsoft Security Client2013-07-29 17:49 . 2013-07-29 17:50 -------- d-----w- c:\program files\Perfect Uninstaller2013-07-28 23:15 . 2013-07-28 23:15 -------- d-----w- c:\windows\ehome2013-07-28 23:15 . 2013-07-28 23:15 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs2013-07-28 22:46 . 2013-07-28 22:46 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-07-28 22:46 . 2013-07-28 22:46 -------- d-----w- c:\program files (x86)\Java2013-07-28 20:11 . 2013-07-28 20:11 -------- d-----w- c:\users\user\AppData\Roaming\Ashampoo2013-07-28 20:03 . 2013-07-28 20:11 -------- d-----w- c:\users\user\AppData\Local\ashampoo2013-07-28 20:03 . 2013-07-28 20:03 -------- d-----w- c:\programdata\ashampoo2013-07-28 20:02 . 2013-07-28 20:02 -------- d-----w- c:\program files (x86)\Ashampoo2013-07-28 01:23 . 2012-11-16 01:06 458584 ----a-w- c:\windows\system32\drivers\SET3631.tmp2013-07-28 01:23 . 2013-02-21 18:44 89944 ----a-w- c:\windows\system32\drivers\SET1D93.tmp2013-07-28 01:23 . 2013-02-21 18:44 613720 ----a-w- c:\windows\system32\drivers\SET19BB.tmp2013-07-27 21:29 . 2013-07-28 01:23 -------- d-----w- c:\program files (x86)\CheckPoint2013-07-27 21:29 . 2013-07-27 21:29 -------- d-----w- c:\programdata\CheckPoint2013-07-27 21:23 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys2013-07-27 21:05 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll2013-07-27 21:05 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll2013-07-27 21:03 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6446C2DD-53DD-49E6-9A8B-85DA3F160CA7}\mpengine.dll2013-07-27 21:02 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys2013-07-27 21:02 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL2013-07-27 21:02 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll2013-07-27 21:02 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll2013-07-27 21:02 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 21:02 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-27 20:58 . 2013-07-27 20:58 -------- d-----w- c:\program files\Mobile Stream2013-07-27 20:58 . 2013-03-11 22:51 21704 ----a-w- c:\windows\system32\drivers\easytthr.sys2013-07-27 20:58 . 2013-07-27 20:58 -------- d-----w- c:\programdata\Package Cache2013-07-22 20:47 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll2013-07-22 20:47 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll2013-07-22 20:47 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll2013-07-22 20:47 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll2013-07-22 20:47 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll2013-07-22 20:47 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll2013-07-22 20:47 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll2013-07-22 20:47 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll2013-07-22 20:47 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll2013-07-22 20:47 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-07-22 20:47 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL2013-07-22 19:34 . 2013-07-22 19:34 -------- d-----w- c:\program files (x86)\PCSX2 1.0.02013-07-20 22:28 . 2013-07-30 21:36 -------- dc----w- c:\users\user\AppData\Local\MigWiz2013-07-19 20:03 . 2013-07-19 20:03 -------- d-----w- c:\programdata\Ubisoft2013-07-19 19:25 . 2013-07-19 19:25 -------- d-----w- c:\program files (x86)\Ubisoft2013-07-15 23:26 . 2013-07-16 00:41 -------- d-----w- C:\Games...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-28 22:46 . 2013-02-07 17:00 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-07-28 22:46 . 2013-02-07 17:00 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-24 04:57 . 2013-01-28 01:49 78277128 ----a-w- c:\windows\system32\MRT.exe2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2013-06-13 20:34 . 2013-06-13 20:34 451096 ----a-w- c:\windows\system32\drivers\vsdatant.sys2013-05-13 05:51 . 2013-06-26 18:00 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-05-13 05:51 . 2013-06-26 18:00 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-05-13 05:51 . 2013-06-26 18:00 139776 ----a-w- c:\windows\system32\cryptnet.dll2013-05-13 05:50 . 2013-06-26 18:00 52224 ----a-w- c:\windows\system32\certenc.dll2013-05-13 04:45 . 2013-06-26 18:00 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll2013-05-13 04:45 . 2013-06-26 18:00 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-05-13 04:45 . 2013-06-26 18:00 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-05-13 03:43 . 2013-06-26 18:00 1192448 ----a-w- c:\windows\system32\certutil.exe2013-05-13 03:08 . 2013-06-26 18:00 903168 ----a-w- c:\windows\SysWow64\certutil.exe2013-05-13 03:08 . 2013-06-26 18:00 43008 ----a-w- c:\windows\SysWow64\certenc.dll2013-05-08 06:39 . 2013-06-26 18:00 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-04-24 802136]"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-11-23 1495880]"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2013-03-11 57128]"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2013-07-29 471650].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-05-31 218880]"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816].c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-6-25 576000].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux4"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001.R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-07-28 20:50 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 14:54].2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-29 14:54].2013-07-31 c:\windows\Tasks\WpsUpdateTask_user.job- c:\program files (x86)\Kingsoft\Kingsoft Spreadsheets\office6\wpsupdate.exe [2011-11-03 16:00]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 8.8.8.8 8.8.4.4..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,1b,56,56, 77,3e,aa,52,06,e8,92,84,cd,c2,28,50,41"{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,4d,0e,7e, 9a,40,73,fa,0f,d1,09,6e,56,73,7a,a7,cd"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f, e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:10,e2,b7,b1,d5,71,ce,01.[HKEY_USERS\S-1-5-21-1415280773-1473236903-632062529-1000\Software\SecuROM\License information*]"datasecu"=hex:ca,63,7f,f5,9a,07,6f,94,be,97,f6,ac,9c,14,fb,a2,60,1c,67,3d,83, fd,15,86,02,60,45,81,00,44,ba,c2,a2,7e,1f,a0,4a,17,5a,b3,25,9a,41,7c,b8,ec,\"rkeysecu"=hex:61,a0,ee,d7,d3,28,fd,f0,f0,d7,1e,47,02,a1,00,19.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-07-31 10:07:49ComboFix-quarantined-files.txt 2013-07-31 14:07ComboFix2.txt 2013-07-31 03:24.Pre-Run: 105,389,907,968 bytes freePost-Run: 105,326,276,608 bytes free.- - End Of File - - 8328F67C0661352E11A67ED1746E26C8A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
ThottiePippen Posted July 31, 2013 Author ID:709223 Share Posted July 31, 2013 I just removed MyCleanPC from its uninstaller. I have been unable to do so through my Control Panel. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 1, 2013 Root Admin ID:709554 Share Posted August 1, 2013 Please download the attached file CFScript.txt and save it next to combofix.exeThen close your browser and drag and drop cfscript.txt onto combofix.exe to run it. When done it will produce a new log. Please attach that log on your next reply. Then run this tool again. Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. CFScript.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2013 Root Admin ID:711146 Share Posted August 5, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts