Can someone analyze this log for me, please?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:55:44 PM, on 3/27/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [identityPatrol] C:\Program Files (x86)\IdentityPatrol\IdentityPatrol.exe

O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\FAKK YOU\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AMD FusionUtility Service - Advanced Micro Devices, Inc. - C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9735 bytes

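The log above is the kind of HijackThis output the thread asks to have analyzed. As an added example (not part of the thread, and not HijackThis or Malwarebytes code), here is a small Python triage script that parses the R0/R1, O4, O10 and O23 entry formats seen in that log and flags the lines a reviewer would look at first. The sample lines are constructed to match lines from the log above; the list of "default" Internet Explorer hosts, the finding categories and the WOW64 heuristic are my own assumptions, not anything HijackThis reports.

```python
"""Triage helper for Trend Micro HijackThis 2.0.4 log lines (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Entry formats as they appear in HijackThis 2.0.4 output.
R_RE = re.compile(r"^R[0-3] - (?P<key>HK\w+\\[^,]+),(?P<name>[^=]+?) = ?(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<subkey>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

# Assumption: hosts a stock Internet Explorer start/search page points at.
# Anything else (the Ask.com page in the log above, for instance) is worth a
# look; it is not by itself proof of infection.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}


@dataclass
class Finding:
    kind: str   # short category label (my own naming)
    line: str   # the log line that triggered it


def first_token(cmd: str) -> str:
    """Return the program part of a Run-key command line, handling quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str, hjt_is_32bit_on_x64: bool = True) -> list:
    """Scan HijackThis lines and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R_RE.match(line):
            host = urlparse(m["value"]).hostname if m["value"] else None
            if host and host.lower() not in DEFAULT_IE_HOSTS:
                findings.append(Finding("ie-page-not-default", line))
        elif m := O4_RE.match(line):
            # A bare file name (no directory) is resolved through the search
            # path at logon, so it is easy to shadow; note it for verification.
            if "\\" not in first_token(m["cmd"]):
                findings.append(Finding("autorun-bare-filename", line))
        elif m := O10_RE.match(line):
            findings.append(Finding("lsp-unknown", line))
        elif m := O23_RE.match(line):
            path = m["path"].lower()
            if m["missing"]:
                # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64
                # and reports many genuine System32 service binaries as missing.
                # Tag those separately so they get verified, not "fixed".
                if hjt_is_32bit_on_x64 and "\\windows\\system32\\" in path:
                    findings.append(Finding("system32-missing-probably-wow64", line))
                else:
                    findings.append(Finding("service-binary-missing", line))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("service-unknown-owner", line))
    return findings


# Constructed sample: lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.line}")
```

The point of the separate `system32-missing-probably-wow64` category is the caveat that matters most for this particular log: the long run of "(file missing)" entries for core Windows services (lsass.exe, spoolsv.exe, vssvc.exe and so on) under C:\Windows\system32 is what a 32-bit HijackThis 2.0.4 typically reports on 64-bit Windows 7, because file-system redirection points the 32-bit process at SysWOW64. Those entries should be verified rather than "fixed"; the DDS output later in the thread, which lists C:\Windows\System32\spoolsv.exe among the running processes, is one such check.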

Here's the log after running the program in admin mode.

  • Staff

Hi and welcome to Malwarebytes.

Are you experiencing any symptoms of infection?

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post DDS.txt directly into your reply.


Here are the DDS logs.

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by FAKK YOU at 18:23:07.20 on Tue 03/29/2011

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4092.2174 [GMT -7:00]

.

AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\FAKK YOU\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=10148&l=dis

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

uRun: [Google Update] "C:\Users\FAKK YOU\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [identityPatrol] C:\Program Files (x86)\IdentityPatrol\IdentityPatrol.exe

mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.26.2.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\FAKKYO~1\AppData\Roaming\Mozilla\Firefox\Profiles\4as123rd.default\

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Users\FAKK YOU\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Users\FAKK YOU\AppData\Roaming\Mozilla\Firefox\Profiles\4as123rd.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: C:\Users\FAKK YOU\AppData\Roaming\Mozilla\Firefox\Profiles\4as123rd.default\extensions\battlefieldplay4free@ea.com\platform\WINNT_x86-msvc\plugins\npBP4FUpdater.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com

FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com

FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn

FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2011-2-21 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2011-2-21 221232]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2010-12-29 21544]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx64.sys [2011-3-10 1124472]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2011-2-21 615040]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-1-5 254528]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110325.002\IDSviA64.sys [2011-3-14 476792]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2011-2-21 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2011-2-21 451120]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

R2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-1-24 21992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-8 363344]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [2011-2-21 126392]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-29 46136]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-3-19 132656]

R3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-12-30 25640]

R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2011-2-8 130696]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-2-8 24152]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 347680]

S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2010-7-1 136616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-29 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-29 79360]

S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]

S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-1-11 128928]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-12-29 30528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-20 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-20 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]

.

=============== Created Last 30 ================

.

2011-03-29 20:11:44 -------- d-----w- C:\PROGRA~3\EA Core

2011-03-29 19:43:23 -------- d-----w- C:\crysis 2

2011-03-29 19:43:15 -------- d-----w- C:\New Folder (2)

2011-03-25 01:42:30 388096 ----a-r- C:\Users\FAKKYO~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-25 01:42:30 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-03-24 04:01:37 -------- d-----w- C:\Users\FAKKYO~1\AppData\Roaming\Need for Speed World

2011-03-21 02:07:10 -------- d-----w- C:\Windows\System32\SPReview

2011-03-21 02:03:59 853504 ----a-w- C:\Windows\System32\IKEEXT.DLL

2011-03-21 02:02:59 78848 ----a-w- C:\Windows\System32\hbaapi.dll

2011-03-21 02:01:47 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-03-21 02:01:47 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-03-21 02:01:38 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-03-21 02:01:38 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-03-21 01:59:01 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-03-21 01:59:01 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-03-21 01:59:01 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-03-21 01:58:51 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-03-21 01:58:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-03-21 01:58:14 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-03-21 01:58:14 399872 ----a-w- C:\Windows\System32\dpx.dll

2011-03-21 01:33:50 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2011-03-21 01:33:41 -------- d-----w- C:\Windows\PCHEALTH

2011-03-21 01:30:43 -------- d-----w- C:\Windows\System32\EventProviders

2011-03-21 01:19:34 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll

2011-03-21 01:19:34 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2011-03-21 01:19:34 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2011-03-21 01:19:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2011-03-18 06:19:30 -------- d-----w- C:\PROGRA~3\Electronic Arts

2011-03-03 19:18:20 -------- d-----w- C:\Users\FAKKYO~1\AppData\Local\Chromium

2011-03-03 04:49:13 -------- d-----w- C:\PROGRA~3\Media Center Programs

2011-03-03 04:35:35 -------- d-sh--w- C:\Windows\ftpcache

2011-03-03 02:39:18 -------- d-----w- C:\Users\FAKKYO~1\AppData\Roaming\GetRightToGo

.

==================== Find3M ====================

.

2011-03-29 03:20:56 25640 ----a-w- C:\Windows\etdrv.sys

2011-03-28 21:42:09 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-03-28 21:42:09 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-03-28 21:39:50 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-03-27 21:56:37 30528 ----a-w- C:\Windows\GVTDrv64.sys

2011-03-27 21:56:12 25640 ----a-w- C:\Windows\gdrv.sys

2011-03-21 02:12:52 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-03-21 02:12:52 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-02-22 07:58:54 86016 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2011-02-22 07:58:48 84992 ----a-w- C:\Windows\System32\frapsv64.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 06:36:18 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-03 05:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-02-03 01:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-01-26 23:37:20 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-01-26 23:22:18 22295040 ----a-w- C:\Windows\System32\atio6axx.dll

2011-01-26 23:00:44 143360 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-01-26 23:00:30 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-01-26 22:59:46 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-01-26 22:59:10 708608 ----a-w- C:\Windows\System32\aticfx64.dll

2011-01-26 22:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-01-26 22:56:14 479232 ----a-w- C:\Windows\System32\atieclxx.exe

2011-01-26 22:55:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-01-26 22:54:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-01-26 22:54:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-01-26 22:53:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-01-26 22:53:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-01-26 22:53:36 16384 ----a-w- C:\Windows\System32\atimuixx.dll

2011-01-26 22:53:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-01-26 22:53:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-01-26 22:49:44 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-01-26 22:40:02 4847616 ----a-w- C:\Windows\System32\atidxx64.dll

2011-01-26 22:32:46 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-01-26 22:32:12 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-01-26 22:32:00 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-01-26 22:28:52 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-01-26 22:27:52 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-01-26 22:27:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-01-26 22:27:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-01-26 22:27:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-01-26 22:27:30 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-01-26 22:25:50 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-01-26 22:24:18 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-01-26 22:21:58 5316096 ----a-w- C:\Windows\System32\atiumd64.dll

2011-01-26 22:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-01-26 22:14:14 354304 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-01-26 22:14:08 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-01-26 22:13:56 14848 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-01-26 22:13:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-01-26 22:13:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-01-26 22:13:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-01-26 22:13:42 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-01-26 22:13:32 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-01-26 22:12:46 39936 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-01-26 22:12:40 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-01-26 22:12:32 38400 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-01-26 22:12:24 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-01-26 22:11:46 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\atimpc64.dll

2011-01-26 22:08:46 53760 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-01-26 22:08:40 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-01-19 04:52:09 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2011-01-09 02:46:30 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe

2011-01-07 12:17:52 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-01-07 12:17:52 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll

2011-01-07 07:46:34 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2011-01-07 07:46:34 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-01-06 03:18:46 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll

2011-01-05 08:17:13 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll

2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys

2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-01-04 22:15:16 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-01-04 22:15:14 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-01-04 22:15:12 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-01-04 22:15:12 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2010-12-30 19:59:18 2690280 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2010-12-30 01:42:37 0 ----a-w- C:\Windows\ativpsrm.bin

.

============= FINISH: 18:24:22.21 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/1/2010 1:08:47 AM

System Uptime: 3/27/2011 2:55:17 PM (52 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H

Processor: AMD Phenom II X4 B60 Processor | Socket M2 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 38.094 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP46: 3/29/2011 1:13:02 PM - Installed ProductName from default.wxl

.

==== Installed Programs ======================

.

@BIOS


  • Staff

Hi,

Are you experiencing any symptoms of infection?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

