Jump to content

Problem with Windows 7 after TDSS infection


jch02140
 Share

Recommended Posts

Hi,

Two days ago my laptop was infected with a nasty TDSS rootkit and have been having the iastor.sys BSOD every time I boot into windows or safemode.

While attempt to get through to the command-line option with 10 tries, 9 times got bsod and restarted but

I managed to get to the command prompt option via F8 and used the Kaspersky TDSSkiller tool to remove the rootkit.

I have also scanned my computer and remove other virus with Malwarebytes Anti-Virus tool in safe mode.

I have also attached a log files from DSS and HiJackThis. Since my system is Windows 7 x64, I have not include the GMER log file.

I have scanned and removed all the virus/malwares from the system until all my scanners returns nothing found. Problems are mostly solved but I am still having some other problem

like the system disk check not starting up on reboot. Also, all my shortcuts on the start menu are gone as well as the one in Administrative tools, etc....

I tried to roll back but the rootkit turned the system security center off and the restore point is removed....

How do I fix this?

Seems like there is some system files corrupted or something... I ran sfc /scannow and it says I have some corrupted files but cannot be fixed...

Attach.txt

DDS.txt

hijackthis.txt

CBS.txt

Link to post
Share on other sites

Hello jch02140! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Link to post
Share on other sites

Hi Borislav,

Thank you for the link. I downloaded the executable and followed the steps.

However, I got a few problems.

1. The ResetTeaTimer executable reported can't find the TeaTimer.exe and spybotsd.exe processes when run.

2. While trying to update Malwarebytes Anti-Malware, I received the following error popup message:

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATEING (5, 0, CreateFile)

Access Denied

I even tried using the Administrative right after right click on the shortcut but still having the same error.

Should I go ahead and attach the logs or until the Update error is fixed?...

It seems the system rights are somewhat screwed up by the virus/rootkit...

Link to post
Share on other sites

I am still getting the same error message after installing the file and run the update again. However, I see that the database seems to have updated. Not sure if they are of current:

Date: 2/28/2011

Database Version: 5905

Fingerprints loaded: 311126

Should I proceed to scan and attach the log files?

Link to post
Share on other sites

Here is the DSS log files

===================================================================================================================

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Acer at 1:25:34.77 on 01/03/2011 ??

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 ????? 6.1.7600.0.936.86.3076.18.1781.777 [GMT 8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Acer\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389

uInternet Settings,ProxyOverride = local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PACKET~1.LNK - C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: ???????? - C:\Program Files (x86)\AliWangWang\AddToAlbum.htm

IE: ?????? - C:\Program Files (x86)\AliWangWang\ShareToTJH.htm

IE: ????????? - C:\Program Files (x86)\AliWangWang\AddNewEmotion.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: archlord.com

Trusted Zone: hangame.com

Trusted Zone: naver.com\archlord

Trusted Zone: taobao.com

DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab

DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab

DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab

DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab

DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab

DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

mRun-x64: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\

FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npaliedit.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwangwang.dll

FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Acer\AppData\Local\Alibaba\AliSetup\0.1.0.51\npAliSetupOneClick.dll

FF - plugin: C:\Users\Acer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

FF - plugin: C:\Windows\system32\npKeyPro.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-20 325200]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-4-20 865824]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-27 13336]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-11-11 72216]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-21 363344]

R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-3-10 86016]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-27 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-27 243232]

R2 vpnclient;PacketiX VPN Client;C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-5-15 4601344]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-27 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-20 158848]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-20 271872]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-21 24152]

R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0094.sys [2011-2-16 29808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-4-20 335400]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-20 39464]

S3 CEDRIVER55;CEDRIVER55;C:\Program Files (x86)\Cheat Engine\dbk64.sys [2011-1-9 39424]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]

S3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-12-26 14056]

S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2010-12-26 141848]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]

S3 TesSafe;TesSafe;C:\Windows\System32\TesSafe.sys [2011-2-15 163920]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows ??????;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-29 1255736]

=============== Created Last 30 ================

2011-02-28 14:45:44 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-02-28 14:45:44 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-02-26 21:21:39 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-02-26 21:21:39 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-02-26 21:21:39 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-02-26 21:21:39 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-02-22 12:13:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-02-22 12:13:27 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-02-21 21:26:12 -------- d-----w- C:\CFLog

2011-02-21 20:17:39 -------- d-----w- C:\Windows\SysWow64\Temp

2011-02-21 10:43:46 -------- d-----w- C:\Users\Acer\AppData\Roaming\Malwarebytes

2011-02-21 10:43:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-02-21 10:43:40 -------- d--h--w- C:\PROGRA~3\Malwarebytes

2011-02-21 10:43:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-02-21 10:43:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-02-21 10:21:38 -------- d-sh--w- C:\$RECYCLE.BIN

2011-02-21 10:09:54 98816 ----a-w- C:\Windows\sed.exe

2011-02-21 10:09:54 89088 ----a-w- C:\Windows\MBR.exe

2011-02-21 10:09:54 256512 ----a-w- C:\Windows\PEV.exe

2011-02-21 10:09:54 161792 ----a-w- C:\Windows\SWREG.exe

2011-02-19 19:52:52 -------- d-----w- C:\Users\Acer\AppData\Roaming\updates

2011-02-19 19:52:39 76288 --sha-r- C:\Windows\SysWow64\licmgr10J.dll

2011-02-18 16:14:43 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll

2011-02-15 16:01:04 29808 ----a-w- C:\Windows\System32\drivers\Neo_0094.sys

2011-02-15 15:59:38 97280 ----a-w- C:\Windows\System32\vpncmd.exe

2011-02-15 15:59:23 -------- d-----w- C:\Program Files\PacketiX VPN Client 64-bit Edition English

2011-02-15 14:30:05 163920 ----a-w- C:\Windows\System32\TesSafe.sys

2011-02-15 14:19:49 -------- d-----w- C:\Program Files\????

2011-02-15 13:40:23 -------- d--h--w- C:\PROGRA~3\Tencent

2011-02-15 13:40:23 -------- d-----w- C:\Users\Acer\AppData\Roaming\Tencent

2011-02-15 13:40:18 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent

2011-02-10 13:30:50 -------- d-----w- C:\Users\Acer\AppData\Roaming\Total Immersion

2011-02-10 13:30:42 -------- d-----w- C:\Program Files (x86)\Total Immersion

2011-02-07 15:01:18 -------- d-----w- C:\Users\Acer\AppData\Local\FontCreator

2011-02-07 15:01:16 616600 ----a-w- C:\Windows\SysWow64\FontInstaller.dll

2011-02-04 03:43:00 -------- d-----w- C:\Users\Acer\AppData\Local\Humanbalance

2011-02-04 03:42:58 -------- d-----w- C:\Program Files (x86)\GraphicsGale

2011-02-03 18:10:22 -------- d-----w- C:\Users\Acer\AppData\Roaming\NNDD.F724EC019EC1F2A8EB0876D4F61C828E68A6A369.1

2011-02-03 18:10:18 -------- d-----w- C:\Program Files (x86)\NNDD

2011-02-02 16:52:30 -------- d--h--w- C:\PROGRA~3\NexonTW

2011-02-02 16:51:45 -------- d-----w- C:\Users\Acer\AppData\Local\CSO

2011-02-01 20:33:36 -------- d--h--w- C:\PROGRA~3\Nexon

2011-01-30 06:57:00 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2011-02-28 17:21:41 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-02-28 17:21:39 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-02-28 14:57:35 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2011-02-28 14:57:27 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe

2011-02-16 17:38:30 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

2011-02-16 17:38:24 58288 ------w- C:\Windows\SysWow64\rpcnet.exe

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2011-01-14 17:43:53 17640 ----a-w- C:\Windows\System32\JRSUKD25.SYS

2011-01-14 17:43:53 141848 ----a-w- C:\Windows\System32\kcrtx64.sys

2011-01-14 17:43:53 14056 ----a-w- C:\Windows\System32\JRSKD24.SYS

2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys

2011-01-01 06:19:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll

2010-12-25 21:21:57 470024 ----a-w- C:\Windows\SysWow64\CKSetup64.exe

2010-12-25 21:21:57 124424 ----a-r- C:\Windows\SysWow64\CKAgent.exe

2010-12-25 21:21:57 124424 ----a-r- C:\Windows\System32\CKAgent.exe

2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll

2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll

2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll

2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll

2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll

2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll

2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll

2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll

2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll

2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll

2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll

2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll

2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll

2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll

2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-12-08 15:57:03 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak

2010-12-08 05:12:28 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2010-12-08 05:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll

2010-12-08 05:12:16 33152 ----a-w- C:\Windows\System32\LMIport.dll

============= FINISH: 1:26:39.48 ===============

====================================================================================================================

Here is the Malewarebytes' Anti-Malware log

=================================================================================================================

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5905

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

1/3/2011 ?? 1:19:19

mbam-log-2011-03-01 (01-19-19).txt

Scan type: Quick scan

Objects scanned: 172703

Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Acer\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mousedriver.exe (Trojan.Proxy) -> Quarantined and deleted successfully.

===================================================================================================================

Link to post
Share on other sites

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Here is the log from Combo-Fix.exe

=============================================================================================

ComboFix 11-02-28.01 - Acer 03/2011 ?? 3:29.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.3076.18.1781.937 [GMT 8:00]

????: c:\users\Acer\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\CFLog

c:\windows\SysWow64\Temp

c:\windows\TEMP\VPN_F6B1\B7091C83.dll

.

((((((((((((((((((((((((((((((((((((((( ??/?? )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TESSAFE

-------\Service_TesSafe

((((((((((((((((((((((((( 2011-01-28 ? 2011-02-28 ????? )))))))))))))))))))))))))))))))

.

2011-02-28 19:36 . 2011-02-28 19:36 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2011-02-28 19:36 . 2011-02-28 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-28 14:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-28 14:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-02-26 21:21 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-26 21:21 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-26 21:21 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-02-26 21:21 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-02-22 12:13 . 2011-02-22 12:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-02-22 12:13 . 2011-02-22 12:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes

2011-02-21 10:43 . 2010-12-20 10:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-02-21 10:43 . 2011-02-21 10:43 -------- d--h--w- c:\programdata\Malwarebytes

2011-02-21 10:43 . 2011-02-21 10:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-02-21 10:43 . 2010-12-20 10:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-19 19:52 . 2011-02-21 10:19 -------- d-----w- c:\users\Acer\AppData\Roaming\updates

2011-02-19 19:52 . 2011-02-19 19:52 76288 --sha-r- c:\windows\SysWow64\licmgr10J.dll

2011-02-18 16:14 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{220D1479-958B-45A2-AAEE-170331E86521}\mpengine.dll

2011-02-15 16:01 . 2011-02-15 16:01 29808 ----a-w- c:\windows\system32\drivers\Neo_0094.sys

2011-02-15 15:59 . 2011-02-15 15:59 97280 ----a-w- c:\windows\system32\vpncmd.exe

2011-02-15 15:59 . 2011-02-28 19:38 -------- d-----w- c:\program files\PacketiX VPN Client 64-bit Edition English

2011-02-15 14:30 . 2011-02-22 13:19 163920 ----a-w- c:\windows\system32\TesSafe.sys

2011-02-15 14:19 . 2011-02-15 14:19 -------- d-----w- c:\program files\????

2011-02-15 13:40 . 2011-02-15 13:40 -------- d--h--w- c:\programdata\Tencent

2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\users\Acer\AppData\Roaming\Tencent

2011-02-15 13:40 . 2011-02-15 13:40 -------- d-----w- c:\program files (x86)\Common Files\Tencent

2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\users\Acer\AppData\Roaming\Total Immersion

2011-02-10 13:30 . 2011-02-10 13:30 -------- d-----w- c:\program files (x86)\Total Immersion

2011-02-07 15:01 . 2011-02-07 15:16 -------- d-----w- c:\users\Acer\AppData\Local\FontCreator

2011-02-07 15:01 . 2009-06-16 16:02 616600 ----a-w- c:\windows\SysWow64\FontInstaller.dll

2011-02-04 03:43 . 2011-02-04 03:43 -------- d-----w- c:\users\Acer\AppData\Local\Humanbalance

2011-02-04 03:42 . 2011-02-04 03:42 -------- d-----w- c:\program files (x86)\GraphicsGale

2011-02-03 18:10 . 2011-02-03 18:10 -------- d-----w- c:\users\Acer\AppData\Roaming\NNDD.F724EC019EC1F2A8EB0876D4F61C828E68A6A369.1

2011-02-03 18:10 . 2011-02-03 18:10 -------- d-----w- c:\program files (x86)\NNDD

2011-02-02 16:51 . 2011-02-21 20:07 -------- d-----w- c:\users\Acer\AppData\Local\CSO

2011-02-01 20:33 . 2011-02-01 20:33 -------- d--h--w- c:\programdata\Nexon

2011-01-30 06:57 . 2011-01-30 06:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-28 19:38 . 2010-03-17 12:56 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-02-28 19:38 . 2010-03-21 23:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2011-02-28 14:57 . 2010-03-17 12:57 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2011-02-28 14:57 . 2010-03-17 12:56 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2011-02-16 17:38 . 2010-03-21 23:57 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

2011-02-16 17:38 . 2010-03-21 23:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2011-01-14 17:43 . 2010-12-25 21:21 17640 ----a-w- c:\windows\system32\JRSUKD25.SYS

2011-01-14 17:43 . 2010-12-25 21:21 141848 ----a-w- c:\windows\system32\kcrtx64.sys

2011-01-14 17:43 . 2010-12-25 21:21 14056 ----a-w- c:\windows\system32\JRSKD24.SYS

2011-01-13 14:39 . 2009-08-18 04:49 564632 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2011-01-13 14:39 . 2009-08-18 03:24 17816 ---ha-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe1_9216E17DFBFB417BB1B660FE41688EF3.exe

2011-01-02 21:46 . 2011-01-02 21:46 634880 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\LineageII.exe_9216E17DFBFB417BB1B660FE41688EF3.exe

2011-01-02 21:46 . 2011-01-02 21:46 45056 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{9216E17D-FBFB-417B-B1B6-60FE41688EF3}\ARPPRODUCTICON.exe

2011-01-01 06:19 . 2011-01-01 06:19 521448 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\SysWow64\CKAgent.exe

2010-12-25 21:21 . 2010-12-25 21:21 124424 ----a-r- c:\windows\system32\CKAgent.exe

2010-12-25 21:21 . 2010-09-30 14:08 470024 ----a-w- c:\windows\SysWow64\CKSetup64.exe

2010-12-08 15:57 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2010-12-08 05:12 . 2010-11-10 19:30 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-12-08 05:12 . 2010-11-10 19:30 33152 ----a-w- c:\windows\system32\LMIport.dll

2010-12-08 05:12 . 2010-11-10 19:30 80768 ----a-w- c:\windows\system32\LMIinit.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-02-21_10.21.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-01-13 02:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-01-13 02:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-02-28 19:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-01-13 02:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-02-28 19:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-26 16:45 . 2011-02-28 19:19 58584 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-02-28 19:19 35028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-12 11:23 . 2011-02-28 19:19 13488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3708158517-3727541704-1879287214-1000_UserData.bin

- 2010-04-20 08:19 . 2011-02-21 10:14 99334 c:\windows\system32\prfc0404.dat

+ 2010-04-20 08:19 . 2011-02-28 14:44 99334 c:\windows\system32\prfc0404.dat

+ 2011-02-22 01:53 . 2011-02-22 13:00 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

- 2011-02-22 01:53 . 2011-02-19 21:17 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat

+ 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-12 11:17 . 2011-02-21 09:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-12 11:17 . 2011-02-28 15:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-12 11:17 . 2011-02-21 09:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-02-28 15:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-02-21 09:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-08-13 13:51 . 2011-02-19 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-02-28 17:28 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-08-13 13:51 . 2011-02-19 09:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-13 13:51 . 2011-02-28 19:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-13 13:51 . 2011-02-19 09:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-13 13:51 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-08-12 11:23 . 2011-02-19 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-12 11:23 . 2011-02-28 19:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-08-12 11:23 . 2011-02-19 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-02-21 10:21 . 2011-02-21 10:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-02-21 10:21 . 2011-02-21 10:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-02-28 19:38 . 2011-02-28 19:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-02-28 19:38 . 2011-02-28 19:38 167424 c:\windows\temp\VPN_4657\0FC343C0.dll

+ 2010-04-20 08:19 . 2011-02-28 14:44 377870 c:\windows\system32\prfh0404.dat

- 2010-04-20 08:19 . 2011-02-21 10:14 377870 c:\windows\system32\prfh0404.dat

- 2009-07-14 02:36 . 2011-02-21 10:14 616008 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-02-28 14:44 616008 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-02-21 10:14 106388 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-02-28 14:44 106388 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-02-19 01:27 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-02-28 19:37 304324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-10-20 01:41 . 2011-01-16 21:39 305092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708158517-3727541704-1879287214-1000-8192.dat

+ 2010-10-20 01:41 . 2011-02-21 16:50 305092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3708158517-3727541704-1879287214-1000-8192.dat

+ 2011-02-28 19:38 . 2011-02-28 19:38 2240512 c:\windows\temp\VPN_4657\B7091C83.dll

+ 2011-02-28 19:38 . 2011-02-28 19:38 1185302 c:\windows\temp\.unicode_cache_6da894d0.dat

- 2009-07-14 04:45 . 2011-02-10 11:11 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-02-28 17:18 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2010-08-28 17:48 . 2011-02-19 01:28 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-08-28 17:48 . 2011-02-21 12:46 1538904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 02:34 . 2011-02-22 01:48 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-02-28 19:28 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

-- ???????? --

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]

PacketiX VPN Client Task Tray.lnk - c:\program files\PacketiX VPN Client 64-bit Edition English\vpncmgr_x64.exe [2008-5-15 4793856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]

R3 CEDRIVER55;CEDRIVER55;c:\program files (x86)\Cheat Engine\dbk64.sys [2010-08-05 39424]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\PLAYNC\AION????\bin32\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-20 1436424]

R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-01-14 14056]

R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2011-01-14 141848]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-05 50432]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows ??????;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-28 1255736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-08 373640]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-05 144640]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe [2008-05-15 4601344]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]

S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0094.sys [2011-02-15 29808]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combo-fix\CF10803.cfxxe" [X]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-12 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-12 390680]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-12 410136]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]

.

------- ????? -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c04&m=aspire_4741&r=27360810l406l0458z145t45j1k389

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: ???????? - c:\program files (x86)\AliWangWang\AddToAlbum.htm

IE: ?????? - c:\program files (x86)\AliWangWang\ShareToTJH.htm

IE: ????????? - c:\program files (x86)\AliWangWang\AddNewEmotion.htm

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: archlord.com

Trusted Zone: hangame.com

Trusted Zone: naver.com\archlord

Trusted Zone: taobao.com

DPF: {24960521-7F51-4743-9D83-906B16D188E5} - hxxp://download.archlord.com/archlord/arch_relay/Archlord_downloader.2.0.0.9.cab

DPF: {2936308A-4942-4A0E-A3B6-BD6DE8E0FF58} - hxxp://launcher.nolto.com/GameStart/objectBK/SonovGStarter.cab

DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab

DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} - hxxp://www.hangame.com/common/CKKeyProInst.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://www.g-pin.go.kr/XecureObject/CKKeyPro3024_32k.cab

DPF: {708BFDA5-5B56-435B-8227-726021E197E9} - hxxp://tw.beanfun.com/beanfun_block/embeds/BFServiceAdapter.cab

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab

DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://su.hanbiton.com/Game/Launcher/HLauncher.cab

DPF: {BB5CB1AB-9613-44C7-B064-0F06ABAF2855} - hxxp://211.239.117.240/kcsdownloader/activex/KCSActiveX.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://pubid.hangame.com/common/HanSetup1040.cab

FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\61rv5wka.default\

FF - prefs.js: browser.startup.homepage - hxxp://zh-TW.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:zh-TW:official

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org

FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org

FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com

FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{803EDEE9-73BB-EC99-C0CE-A6529E202957}*]

"nagnbgghobgcmgkhflajelppbmhj"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,

66,6d,66,66,62,6f,68,6d,00,00

"gbipjihginpgipicblgbffkcfainecfegfcdbmdolgjoag"=hex:64,61,6a,70,6e,6e,67,6f,

00,00

"bbonpemcklneplmlkhngnkmgilgnjdeickgg"=hex:68,62,61,6d,64,6d,6d,6b,6a,65,61,61,

63,67,6b,65,6d,70,70,6d,6c,6b,64,62,65,6d,65,68,63,6e,6a,6f,6f,6b,70,6d,6b,\

"oaamhkdhmdfpfgmghinbhkophdljao"=hex:6b,61,6a,69,61,61,67,61,67,63,6b,6c,6c,6b,

66,6d,66,66,62,6f,68,6d,00,00

[HKEY_USERS\S-1-5-21-3708158517-3727541704-1879287214-1000\Software\SecuROM\License information*]

"datasecu"=hex:81,84,cb,ac,a0,b3,4d,4c,b7,0b,96,14,03,b6,bc,16,af,36,eb,8a,cc,

bb,6e,1a,cc,12,63,50,93,7c,58,76,bf,49,5c,84,13,75,32,41,7f,87,a5,51,82,76,\

"rkeysecu"=hex:96,01,4d,b0,df,be,91,b6,97,75,0b,ad,ca,d4,40,4f

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ ?????? ------------------------

.

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Launch Manager\LMworker.exe

.

**************************************************************************

.

????: 2011-03-01 03:43:38 - ???????

ComboFix-quarantined-files.txt 2011-02-28 19:43

ComboFix2.txt 2011-02-21 10:26

Pre-Run: 50,767,613,952 bytes free

Post-Run: 50,771,341,312 bytes free

- - End Of File - - 7F470BF02A09547985F76B31D06A7623

=======================================================================================================

Link to post
Share on other sites

I am still having weird errors when running certain programs and everytime I schedule a chkdsk routine on restart,

however upon reboot the chkdsk is always skipped and goes straight to loading windows.

Also, I have check to enable Firefox as my default browser, however evertime when I restart Firefox seems to have reset and ask me again

if I want to set it to default broswer again.

Shortcuts on start menu are still gone along with the one in Administrative Tools under Control Panel.....

I am not sure what other problems are still present in my laptop....

Link to post
Share on other sites

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
      Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

When completed theOnline Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

This is the only content in the said log file

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

However, I did exported the scan result as txt... Do I need to post that log too?

Link to post
Share on other sites

Here is the scan result from EET online scanner:

==============================================

C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files (x86)\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files (x86)\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application cleaned by deleting - quarantined

C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Acer\AppData\Local\ppi.exe.vir a variant of MSIL/Injector.DK trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Acer\AppData\Roaming\ppi.exe.vir a variant of MSIL/Injector.DK trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Acer\AppData\Roaming\updates\updates.exe.vir Win32/TrojanProxy.Wintu.B trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\svchost.exe.vir probably a variant of Win32/Agent.GLHHQXY trojan cleaned by deleting - quarantined

C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\78db2b39-6efc5a8a multiple threats deleted - quarantined

===============================================

Link to post
Share on other sites

Windows almost return to normal but I still can't schedule the chkdsk on bootup and I still receive the error message when updating the Malwarebyte's Anti-Malwares.... I might need to restore it back to factory default if there is no other solution... Not sure if there are any issue in the system apart from the missing shortcuts...

Link to post
Share on other sites

  • Download MBRCheck to your desktop
  • For Windows XP: Double click on MBRCheck.exe to run it.
  • For Windows Vista/7: Right click on MBRCheck.exe and select Run as Administrator
  • It will show a black screen with some data on it
  • Don't run any of the options!!!
  • When it's done, Press Enter to close the program
  • A file will called MBRCheck_ will appear on your desktop
  • Please copy into to your next reply

Link to post
Share on other sites

MBRCheck log

===============================================================

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Acer

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Acer

System Product Name: Aspire 4741

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 151):

0x0465E000 \SystemRoot\system32\ntoskrnl.exe

0x04615000 \SystemRoot\system32\hal.dll

0x00B9B000 \SystemRoot\system32\kdcom.dll

0x00CB7000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CFB000 \SystemRoot\system32\PSHED.dll

0x00D0F000 \SystemRoot\system32\CLFS.SYS

0x00E29000 \SystemRoot\system32\CI.dll

0x00EE9000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F8D000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F9C000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FF3000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00D6D000 \SystemRoot\system32\DRIVERS\pci.sys

0x00E0A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00DA0000 \SystemRoot\System32\drivers\partmgr.sys

0x00E17000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00DB5000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00DC1000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys

0x010A7000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x012AF000 \SystemRoot\system32\DRIVERS\atapi.sys

0x012B8000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x012E2000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x012ED000 \SystemRoot\system32\drivers\fltmgr.sys

0x01339000 \SystemRoot\system32\drivers\fileinfo.sys

0x01429000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0134D000 \SystemRoot\System32\Drivers\msrpc.sys

0x015CC000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x015E6000 \SystemRoot\System32\drivers\pcw.sys

0x01400000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016DA000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01800000 \SystemRoot\System32\drivers\tcpip.sys

0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x013AB000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x017CC000 \SystemRoot\System32\Drivers\spldr.sys

0x00C76000 \SystemRoot\System32\drivers\rdyboost.sys

0x017D4000 \SystemRoot\System32\Drivers\mup.sys

0x017E6000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01AD5000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01B0F000 \SystemRoot\system32\DRIVERS\disk.sys

0x01B25000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x0589F000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x058C9000 \SystemRoot\System32\Drivers\Null.SYS

0x058D2000 \SystemRoot\System32\Drivers\Beep.SYS

0x058D9000 \SystemRoot\System32\drivers\vga.sys

0x058E7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0590C000 \SystemRoot\System32\drivers\watchdog.sys

0x0591C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x05925000 \SystemRoot\system32\drivers\rdpencdd.sys

0x0592E000 \SystemRoot\system32\drivers\rdprefmp.sys

0x05937000 \SystemRoot\System32\Drivers\Msfs.SYS

0x05942000 \SystemRoot\System32\Drivers\Npfs.SYS

0x05953000 \SystemRoot\system32\DRIVERS\tdx.sys

0x05971000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x0597E000 \SystemRoot\System32\DRIVERS\netbt.sys

0x01B63000 \SystemRoot\system32\drivers\afd.sys

0x059C3000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x059CC000 \SystemRoot\system32\DRIVERS\pacer.sys

0x05600000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x05616000 \SystemRoot\system32\DRIVERS\netbios.sys

0x05625000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x05640000 \SystemRoot\system32\DRIVERS\termdd.sys

0x01A00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x05654000 \SystemRoot\system32\drivers\nsiproxy.sys

0x05660000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x0566B000 \SystemRoot\System32\drivers\discache.sys

0x01A51000 \SystemRoot\System32\Drivers\dfsc.sys

0x01A6F000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x01A80000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0605D000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x05A5B000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x05B4F000 \SystemRoot\System32\drivers\dxgmms1.sys

0x05B95000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x05BA6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x05A00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x05BB7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x06000000 \SystemRoot\system32\DRIVERS\k57nd60a.sys

0x068EF000 \SystemRoot\system32\DRIVERS\athrx.sys

0x06B13000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06B20000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x06B25000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x06B43000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x06B52000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0x06B9B000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x06BAA000 \??\C:\Windows\system32\drivers\UBHelper.sys

0x06BB2000 \??\C:\Windows\system32\drivers\NTIDrvr.sys

0x06BBA000 \SystemRoot\system32\DRIVERS\Impcd.sys

0x06BE1000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x06BF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x06800000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x06810000 \SystemRoot\system32\DRIVERS\lmimirr.sys

0x06817000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x0682D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x06851000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x0685D000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0688C000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x068A7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x068C8000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x068E2000 \SystemRoot\system32\DRIVERS\Neo_0094.sys

0x068E8000 \SystemRoot\system32\DRIVERS\swenum.sys

0x06E34000 \SystemRoot\system32\DRIVERS\ks.sys

0x06E77000 \SystemRoot\system32\DRIVERS\umbus.sys

0x06E89000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x06EE3000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0720E000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x07435000 \SystemRoot\system32\drivers\portcls.sys

0x07472000 \SystemRoot\system32\drivers\drmk.sys

0x07494000 \SystemRoot\system32\drivers\ksthunk.sys

0x0749A000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x074E1000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x074FE000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x07500000 \SystemRoot\System32\Drivers\usbvideo.sys

0x000A0000 \SystemRoot\System32\win32k.sys

0x0752E000 \SystemRoot\System32\drivers\Dxapi.sys

0x0753A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0567A000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x07548000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x0755B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x005E0000 \SystemRoot\System32\TSDDD.dll

0x00790000 \SystemRoot\System32\cdd.dll

0x07569000 \SystemRoot\system32\drivers\luafv.sys

0x0758C000 \SystemRoot\system32\drivers\WudfPf.sys

0x075AD000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x06EF8000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x075C2000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x075D5000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x075ED000 \SystemRoot\system32\DRIVERS\TurboB.sys

0x02802000 \SystemRoot\system32\drivers\HTTP.sys

0x028CA000 \SystemRoot\system32\DRIVERS\bowser.sys

0x028E8000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02900000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0292D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0297B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0299E000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

0x029A5000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys

0x06F4B000 \SystemRoot\system32\drivers\peauth.sys

0x029B8000 \SystemRoot\System32\Drivers\secdrv.SYS

0x029C3000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06E00000 \SystemRoot\System32\drivers\tcpipreg.sys

0x05CAE000 \SystemRoot\System32\DRIVERS\srv2.sys

0x05D15000 \SystemRoot\System32\DRIVERS\srv.sys

0x05DAB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x05DC6000 \SystemRoot\System32\Drivers\fastfat.SYS

0x05C00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x76FE0000 \Windows\System32\ntdll.dll

0x47D70000 \Windows\System32\smss.exe

0xFF300000 \Windows\System32\apisetschema.dll

Processes (total 83):

0 System Idle Process

4 System

304 C:\Windows\System32\smss.exe

464 csrss.exe

504 C:\Windows\System32\wininit.exe

524 csrss.exe

560 C:\Windows\System32\services.exe

584 C:\Windows\System32\lsass.exe

592 C:\Windows\System32\lsm.exe

700 C:\Windows\System32\svchost.exe

776 C:\Windows\System32\svchost.exe

840 C:\Windows\System32\svchost.exe

872 C:\Windows\System32\svchost.exe

900 C:\Windows\System32\svchost.exe

960 C:\Windows\System32\audiodg.exe

1020 C:\Windows\System32\svchost.exe

552 C:\Windows\System32\winlogon.exe

528 C:\Windows\System32\svchost.exe

1184 C:\Windows\System32\spoolsv.exe

1204 C:\Windows\System32\taskeng.exe

1260 C:\Windows\System32\svchost.exe

1288 C:\Windows\System32\rundll32.exe

1308 C:\Windows\SysWOW64\rundll32.exe

1316 C:\Windows\System32\Lpksetup.exe

1432 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

1500 C:\Program Files (x86)\Launch Manager\dsiwmis.exe

1564 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

1608 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

1648 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

1680 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe

1704 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

1728 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

1804 C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe

1836 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

1868 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

1940 C:\Windows\SysWOW64\rpcnet.exe

1108 C:\Program Files\Acer\Acer Updater\UpdaterService.exe

1336 C:\Program Files\PacketiX VPN Client 64-bit Edition English\vpnclient_x64.exe

1828 C:\Windows\System32\taskhost.exe

2044 C:\Windows\System32\taskeng.exe

2060 C:\Windows\System32\dwm.exe

2140 C:\Windows\explorer.exe

2316 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

2528 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2652 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

2856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2912 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

2928 C:\Windows\System32\igfxtray.exe

2940 C:\Windows\System32\hkcmd.exe

2952 C:\Windows\System32\igfxpers.exe

2964 C:\Program Files\Apoint2K\Apoint.exe

2984 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

2996 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3044 C:\Windows\System32\igfxsrvc.exe

2476 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

2504 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

1788 C:\Program Files (x86)\Launch Manager\LManager.exe

3380 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3420 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

3444 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

3736 C:\Windows\System32\SearchIndexer.exe

3348 C:\Windows\System32\SearchProtocolHost.exe

3360 C:\Windows\System32\SearchFilterHost.exe

3512 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

3928 C:\Program Files\Apoint2K\ApntEx.exe

3936 C:\Program Files\Apoint2K\Hidfind.exe

3236 C:\Windows\System32\conhost.exe

1144 C:\Windows\System32\svchost.exe

3528 C:\Program Files (x86)\Launch Manager\LMworker.exe

3556 C:\Windows\System32\igfxext.exe

3632 C:\Windows\System32\wbem\unsecapp.exe

3704 WmiPrvSE.exe

3916 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

3168 C:\Windows\System32\svchost.exe

4136 C:\Windows\System32\svchost.exe

4388 C:\Program Files\Windows Media Player\wmpnetwk.exe

244 WUDFHost.exe

4980 dllhost.exe

3864 C:\Windows\System32\wbem\WMIADAP.exe

1692 dllhost.exe

4796 dllhost.exe

4212 C:\Users\Acer\Desktop\MBRCheck.exe

4888 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`32d00000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`db300000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

==========================================================

Link to post
Share on other sites

http://forums.spybot.info/showthread.php?p=397303

We understand the frustration that comes from having an infected computer, how anxious it makes you feel and how you want the computer cleaned as quickly as possible.

However, posting to multiple forums is self defeating.

1) It increases the post load to each forum, decreasing the number of replies that can physically get answered as we only have so many helpers, who are all volunteers and do this in their spare time.

2) It decreases the ability of helpers to assist as many users as possible.

4) Following the advise of more than one helper can be detrimental to your computer, we each have different methods to attain the same outcome - mixing the two methods can have a negative effect.

5) If you are being helped at another forum, your thread at MalwareBytes will be closed.

6) If you insist on posting to more than one forum - be gracious enough to inform the other forums when you get a response from one, so you don't waste a helpers time.

7) There are very few helpers and many people seeking help, to waste the time of a helper is very inconsiderate.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.