Serascel Posted November 16, 2011 ID:495170 Share Posted November 16, 2011 Hello, first time posting, so im sorry in advanced for any mistakes/errors.Got infected yesterday or the day before, and malware bytes anti malware PRO isnt detecting anything, but i keep getting random adobe flash installations and random attemps of csrss and svchost.exe to access internet etc..Posting exactly what the "I'm infected - What do I do now?" sticky sayd.If I need to paste hijack this or malware Pro let me know.Thanks.DDS.txtAttach.txt Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495224 Share Posted November 16, 2011 Hello Serascel! My name is Maniac and I will be glad to help you solve your malware problem.Please note:I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/paste in your next reply.Please post them in your next reply. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495227 Share Posted November 16, 2011 Thanks for the Reply, Will do..DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26Run by Javier at 11:26:10 on 2011-11-16Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.3788 [GMT 1:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exeC:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exeC:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exeC:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Windows\system32\IProsetMonitor.exeE:\LogMeIn\x64\LMIGuardianSvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\SysWOW64\PnkBstrA.exeE:\Tunngle\TnglCtrl.exeC:\Windows\SysWOW64\UAService7.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeE:\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exeC:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeE:\HP\Digital Imaging\bin\hpqtra08.exeE:\HP\HP Software Update\hpwuSchd2.exeE:\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeE:\Razer\Naga\RazerNagaSysTray.exeC:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exeE:\HP\Digital Imaging\bin\hpqSTE08.exeE:\HP\Digital Imaging\bin\hpqbam08.exeE:\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exeC:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exeC:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exeC:\Program Files (x86)\Java\jre6\bin\javaw.exeE:\Open Office\program\swriter.exeE:\Open Office\program\soffice.exeE:\Open Office\program\soffice.binE:\DAEMON Tools Lite\DTLite.exeC:\Windows\explorer.exeC:\Windows\system32\notepad.exeC:\Windows\system32\svchost.exe -k imgsvcE:\Malwarebytes' Anti-Malware\mbam.exeE:\Program Files (x86)\Mozilla Firefox\firefox.exeE:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\system32\msiexec.exeC:\Windows\System32\svchost.exe -k swprvE:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe"C:\Windows\system32\svchost.exe"C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dllmWinlogon: Userinit=userinit.exe,BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dlluRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /backgrounduRun: [Google Update] "C:\Users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [DAEMON Tools Lite] "E:\DAEMON Tools Lite\DTLite.exe" -autorunmRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"mRun: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exemRun: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - E:\HP\Digital Imaging\bin\hpqtra08.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableLUA = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: PromptOnSecureDesktop = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: Free YouTube to MP3 Converter - C:\Users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllLSP: mswsock.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cabTCP: DhcpNameServer = 87.216.1.65 87.216.1.66TCP: Interfaces\{0EF470FC-2CA4-4648-8DEA-426EB57A57B4} : DhcpNameServer = 87.216.1.65 87.216.1.66TCP: Interfaces\{593690F9-0E56-4C39-BAEA-38D547F2DC69} : DhcpNameServer = 7.254.254.254TCP: Interfaces\{7748365C-5BD9-45C3-9CD2-56B9B7A2EABC} : DhcpNameServer = 95.141.192.4SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO-X64: HP Print Enhancer - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dllBHO-X64: Increase performance and video formats for your HTML5 <video> - No FileBHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllBHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllBHO-X64: HP Smart BHO Class - No FilemRun-x64: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"mRun-x64: [HP Software Update] E:\HP\HP Software Update\HPWuSchd2.exemRun-x64: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [Malwarebytes' Anti-Malware] "E:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun-x64: [Razer Naga Driver] E:\Razer\Naga\RazerNagaSysTray.exe.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\FF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dllFF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dllFF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllFF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllFF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllFF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllFF - plugin: C:\Users\Javier\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: C:\Users\Javier\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dllFF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dllFF - plugin: E:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dllFF - plugin: E:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll.============= SERVICES / DRIVERS ===============.R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-7 3246040]R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-2 915584]R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-7-6 586880]R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-11-13 210024]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-6 13336]R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]R2 LMIGuardianSvc;LMIGuardianSvc;E:\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 375176]R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-14 366152]R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-6 2255464]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]R2 TunngleService;TunngleService;E:\Tunngle\TnglCtrl.exe [2011-8-15 741224]R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 LMIInfo;LogMeIn Kernel Information Provider;E:\LogMeIn\x64\rainfo.sys [2011-9-16 15928]S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2011-11-16 10:20:38 388096 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-11-16 05:44:47 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys2011-11-15 22:54:10 -------- d-sh--w- C:\Windows\System32\%APPDATA%2011-11-15 22:48:44 -------- d-sh--w- C:\Users\Javier\AppData\Local\7d1143f42011-11-15 06:35:09 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\mpengine.dll2011-11-15 06:35:09 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\offreg.dll2011-11-13 10:43:19 -------- d-----w- C:\Windows\SysWow64\RTCOM2011-11-11 15:53:25 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll2011-11-10 20:53:57 -------- d-----w- C:\Program Files (x86)\Origin Games2011-11-09 12:33:29 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll2011-11-09 12:33:29 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll2011-11-09 12:33:29 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys2011-11-09 12:33:26 3144704 ----a-w- C:\Windows\System32\win32k.sys2011-10-31 19:35:02 409 ----a-w- C:\Users\Javier\Tunngle_restart.bat2011-10-26 14:51:46 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins2011-10-26 09:19:27 -------- d-----r- C:\Users\Javier\Dropbox2011-10-26 09:18:26 -------- d-----w- C:\Users\Javier\AppData\Roaming\Dropbox2011-10-25 19:59:31 -------- d-----w- C:\Users\Javier\AppData\Roaming\Origin2011-10-25 19:59:30 -------- d-----w- C:\Users\Javier\AppData\Local\Origin2011-10-25 19:59:25 -------- d-----w- C:\ProgramData\Origin2011-10-25 13:55:53 21504 ----a-w- C:\Windows\jestertb.dll2011-10-21 15:43:10 -------- d-----w- C:\Users\Javier\AppData\Local\LogMeIn2011-10-21 15:43:09 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2011-10-21 15:43:09 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys2011-10-21 15:43:09 59776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll2011-10-21 15:43:09 34688 ----a-w- C:\Windows\System32\LMIport.dll2011-10-21 15:43:08 80768 ----a-w- C:\Windows\System32\LMIinit.dll2011-10-21 15:43:07 -------- d-----w- C:\ProgramData\LogMeIn2011-10-19 19:35:52 270912 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys2011-10-19 19:35:26 -------- d-----w- C:\Users\Javier\AppData\Roaming\DAEMON Tools Lite2011-10-19 19:35:21 -------- d-----w- C:\ProgramData\DAEMON Tools Lite2011-10-18 21:10:15 136568 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut3_AF179E0CC236405CA1EFA46CF947F194.exe2011-10-18 21:10:15 136568 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut2_D6607052B9DB47B4AF253647598126AE.exe2011-10-18 21:10:15 136568 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut1_49B41568AE25455B9AB2C3635A6F635C.exe2011-10-18 21:10:15 136568 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\ARPPRODUCTICON.exe2011-10-18 21:09:18 300408 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ARPPRODUCTICON.exe2011-10-18 21:09:18 136568 ----a-r- C:\Users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ShortcutUpdater_DF0BD54B5FA14948AAC4D5BDB1FBFCF2.exe2011-10-17 12:53:00 1698408 ----a-w- C:\Windows\RtlExUpd.dll.==================== Find3M ====================.2011-11-15 14:47:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2011-11-15 14:47:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2011-11-13 19:18:49 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02011-10-27 02:28:27 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe2011-10-18 18:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys2011-10-18 17:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll2011-10-18 12:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll2011-10-18 12:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll2011-10-18 10:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll2011-10-17 16:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll2011-10-14 12:43:48 1873920 ----a-w- C:\Windows\System32\RCoRes64.dat2011-10-13 06:34:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-22 22:41:00 3074368 ----a-w- C:\Windows\System32\nvsvcr.dll2011-09-16 13:10:24 35616 ----a-w- C:\Windows\System32\lmimirr.dll2011-09-16 13:10:24 14624 ----a-w- C:\Windows\System32\lmimirr2.dll2011-09-16 13:10:24 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys2011-09-15 12:17:06 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat2011-09-15 12:17:05 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe2011-09-02 13:21:40 221024 ----a-w- C:\Windows\System32\SFNHK64.dll2011-09-02 13:21:38 78688 ----a-w- C:\Windows\System32\SFAPO64.dll2011-09-02 13:21:36 81248 ----a-w- C:\Windows\System32\SFCOM64.dll2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2011-08-31 15:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll2011-08-23 16:00:24 603984 ----a-w- C:\Windows\System32\KAAPORT64.dll.============= FINISH: 11:26:20,02 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 06/07/2011 23:25:18System Uptime: 15/11/2011 5:14:56 (30 hours ago).Motherboard: ASUSTeK Computer INC. | | P8P67 EVOProcessor: Intel® Core i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 56 GiB total, 26,42 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 932 GiB total, 553,198 GiB free.F: is FIXED (NTFS) - 466 GiB total, 333,497 GiB free.G: is FIXED (NTFS) - 932 GiB total, 534,768 GiB free.H: is CDROM (CDFS).==== Disabled Device Manager Items =============.Class GUID: Description: Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7Manufacturer: Name: PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7Service: .==== System Restore Points ===================.RP167: 15/11/2011 7:34:55 - Windows UpdateRP168: 16/11/2011 11:20:35 - Installed HiJackThis.==== Installed Programs ======================.4500_HelpAcrobat.comAcronis True Image Home 2011Adobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 11 PluginAdobe Reader 9.4.6AI Suite IIAny Video Converter 3.2.5Apple Application SupportApple Software UpdateASUS Ai ChargerBandisoft MPEG-1 DecoderBastionBattlefield 3™Battlefield: Bad Company 2Battlelog Web PluginsBPD_HPSUbpd_scanBPDSoftwareBPDSoftware_IniBrowser Configuration UtilityBufferChmCDisplay 1.8CustomerResearchQFolderDAEMON Tools LiteDawn of FantasyDead IslandDestination ComponentDeviceDiscoveryDeviceManagementQFolderDocMgrDocProcDocProcQFolderDungeon DefendersESN SonareSupportQFolderFaxFraps (remove only)Free YouTube to MP3 Converter version 3.10.11.923Google ChromeGPBaseServiceHerramienta de carga de Windows LiveHiJackThisHP UpdateHPProductAssistantInstalación de DivXIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® Watchdog Timer Driver (Intel® WDT)IrfanView (remove only)J4500Java Auto UpdaterJava 6 Update 26JDownloader 0.9JMicron JMB36X DriverLogMeInMalwarebytes' Anti-Malware version 1.51.2.1300MarketResearchmarvell 91xx console driverMicrosoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)Microsoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft XNA Framework Redistributable 3.1Mozilla Firefox 8.0 (x86 es-ES)MSI Afterburner 2.1.0MSI Kombustor 2.0.0MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Naga Firmware Updater 1.13NVIDIA 3D Vision Controller DriverNVIDIA PhysXNVIDIA Stereoscopic 3D DriverOpenOffice.org 3.3OpenVPN 2.2.0OriginPlus Pack for Acronis True Image Home 2011Pokemon World Online version 1.81PortalProductContextPunkBuster ServicesQuickTimeRaidCallRazer NagaRealtek High Definition Audio DriverRed Orchestra 2: Heroes of StalingradRenesas Electronics USB 3.0 Host Controller DriverScanSection 8: PrejudiceSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)SmartWebPrintingOCSolutionCenterStatusSteamSystem Requirements Lab CYRITeamSpeak 3 ClientToolboxTrayAppTunngle betaUnity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)VC80CRTRedist - 8.0.50727.4053VLC media player 1.1.11WebRegWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MessengerWindows Movie Maker 2.6WinRAR archiver.==== Event Viewer Messages From Past Week ========.15/11/2011 8:39:03, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.15/11/2011 5:16:34, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.13/11/2011 23:03:32, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.13/11/2011 11:43:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.10/11/2011 21:11:44, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495236 Share Posted November 16, 2011 Step 1Now it's time to clean the cache of Java, because of malware. Malware that could be found in this cache directory are not associated with the Java that was downloaded and installed on the system. A cache directory is aa temporary storage location. When the browser runs an applet or application, Java stores files into its cache directory for better performance.Click Start => Control Panel.Double-click the Java icon in the control panel. The Java Control Panel appears.Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.Click Delete Files. The Delete Temporary Files dialog box appears.Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.Click OK on Temporary Files Settings window. Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.Step 2Please follow the instructions here to download and run ComboFix tool:www.bleepingcomputer.com/combofix/how-to-use-combofix#usePlease post the log.txt when you are ready. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495243 Share Posted November 16, 2011 Did both, just one slight problem, after combofix atempted to restart the computer it actually shuted it down, when it turned it on, it gave me the txt file properly.Also, im getting the following error message on various program startups: "Illegal operation attempted on a registry key that has been marked for deletion"ComboFix 11-11-15.06 - Javier 16/11/2011 17:25:09.1.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.5722 [GMT 1:00]Running from: e:\documents\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\assembly\tmp\Uc:\windows\assembly\tmp\U\000000c0.@c:\windows\assembly\tmp\U\000000cb.@c:\windows\assembly\tmp\U\000000cf.@c:\windows\assembly\tmp\U\80000000.@c:\windows\assembly\tmp\U\800000c0.@c:\windows\assembly\tmp\U\800000cb.@c:\windows\assembly\tmp\U\800000cf.@c:\windows\jestertb.dllc:\windows\system32\consrv.dllF:\Autorun.infG:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))..2011-11-16 16:27 . 2011-11-16 16:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2011-11-16 16:27 . 2011-11-16 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-16 10:20 . 2011-11-16 10:20 388096 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-11-16 05:09 . 2011-11-16 05:09 -------- d-----w- c:\windows\system32\Macromed2011-11-15 22:54 . 2011-11-15 22:54 -------- d-sh--w- c:\windows\system32\%APPDATA%2011-11-15 22:48 . 2011-11-15 22:48 -------- d-sh--w- c:\users\Javier\AppData\Local\7d1143f42011-11-15 06:35 . 2011-11-15 06:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\offreg.dll2011-11-15 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\mpengine.dll2011-11-13 10:43 . 2011-11-13 10:43 -------- d-----w- c:\windows\SysWow64\RTCOM2011-11-11 15:53 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll2011-11-10 20:53 . 2011-11-10 20:53 -------- d-----w- c:\program files (x86)\Origin Games2011-11-09 12:33 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2011-11-09 12:33 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2011-11-09 12:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-09 12:33 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys2011-10-31 19:35 . 2011-10-31 19:34 409 ----a-w- c:\users\Javier\Tunngle_restart.bat2011-10-26 14:51 . 2011-11-10 20:52 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins2011-10-26 09:19 . 2011-11-16 11:01 -------- d-----r- c:\users\Javier\Dropbox2011-10-26 09:18 . 2011-11-16 16:37 -------- d-----w- c:\users\Javier\AppData\Roaming\Dropbox2011-10-25 19:59 . 2011-10-25 19:59 -------- d-----w- c:\users\Javier\AppData\Roaming\Origin2011-10-25 19:59 . 2011-10-25 19:59 -------- d-----w- c:\users\Javier\AppData\Local\Origin2011-10-25 19:59 . 2011-10-26 09:50 -------- d-----w- c:\programdata\Origin2011-10-21 15:43 . 2011-10-21 15:43 -------- d-----w- c:\users\Javier\AppData\Local\LogMeIn2011-10-21 15:43 . 2011-09-26 16:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2011-10-21 15:43 . 2011-09-26 16:16 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll2011-10-21 15:43 . 2011-09-26 16:16 34688 ----a-w- c:\windows\system32\LMIport.dll2011-10-21 15:43 . 2011-09-16 13:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys2011-10-21 15:43 . 2011-09-26 16:16 80768 ----a-w- c:\windows\system32\LMIinit.dll2011-10-21 15:43 . 2011-11-16 16:36 -------- d-----w- c:\programdata\LogMeIn2011-10-19 19:35 . 2011-10-19 19:36 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2011-10-19 19:35 . 2011-11-16 05:32 -------- d-----w- c:\users\Javier\AppData\Roaming\DAEMON Tools Lite2011-10-19 19:35 . 2011-10-19 19:35 -------- d-----w- c:\programdata\DAEMON Tools Lite2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut3_AF179E0CC236405CA1EFA46CF947F194.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut2_D6607052B9DB47B4AF253647598126AE.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut1_49B41568AE25455B9AB2C3635A6F635C.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\ARPPRODUCTICON.exe2011-10-18 21:10 . 2011-10-18 21:10 -------- d-----w- c:\program files (x86)\Razer2011-10-18 21:09 . 2011-10-18 21:09 300408 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ARPPRODUCTICON.exe2011-10-18 21:09 . 2011-10-18 21:09 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ShortcutUpdater_DF0BD54B5FA14948AAC4D5BDB1FBFCF2.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-15 14:47 . 2011-07-06 20:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2011-11-15 14:47 . 2011-07-06 20:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2011-11-13 19:18 . 2011-07-06 20:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02011-10-27 02:28 . 2011-07-06 20:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2011-10-15 08:53 . 2011-09-24 19:51 1533248 ----a-w- c:\windows\system32\nvdispco64.dll2011-10-15 08:53 . 2011-09-24 19:51 1454400 ----a-w- c:\windows\system32\nvgenco64.dll2011-10-15 08:53 . 2011-07-06 16:18 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll2011-10-15 08:53 . 2011-07-06 16:18 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2011-10-15 08:53 . 2011-07-06 16:18 2808128 ----a-w- c:\windows\system32\nvapi64.dll2011-10-15 08:53 . 2011-07-06 16:18 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll2011-10-13 06:34 . 2011-07-06 20:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-22 22:41 . 2011-01-07 18:49 3074368 ----a-w- c:\windows\system32\nvsvcr.dll2011-09-16 13:10 . 2011-09-16 13:10 35616 ----a-w- c:\windows\system32\lmimirr.dll2011-09-16 13:10 . 2011-09-16 13:10 14624 ----a-w- c:\windows\system32\lmimirr2.dll2011-09-16 13:10 . 2011-09-16 13:10 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys2011-09-15 12:17 . 2011-09-15 12:17 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat2011-09-15 12:17 . 2011-09-15 12:17 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe2011-09-01 05:24 . 2011-10-13 01:00 2309120 ----a-w- c:\windows\system32\jscript9.dll2011-09-01 05:17 . 2011-10-13 01:00 1389056 ----a-w- c:\windows\system32\wininet.dll2011-09-01 05:12 . 2011-10-13 01:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-09-01 02:35 . 2011-10-13 01:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll2011-09-01 02:28 . 2011-10-13 01:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll2011-09-01 02:22 . 2011-10-13 01:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2011-08-31 17:12 . 2011-10-17 12:53 1698408 ----a-w- c:\windows\RtlExUpd.dll2011-08-31 15:00 . 2011-07-06 17:08 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-27 05:37 . 2011-10-12 22:41 861696 ----a-w- c:\windows\system32\oleaut32.dll2011-08-27 05:37 . 2011-10-12 22:41 331776 ----a-w- c:\windows\system32\oleacc.dll2011-08-27 04:26 . 2011-10-12 22:41 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-08-27 04:26 . 2011-10-12 22:41 233472 ----a-w- c:\windows\SysWow64\oleacc.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-02-02 3872080]"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2011-08-02 4910912].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]"HP Software Update"="e:\hp\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]"Adobe Reader Speed Launcher"="e:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]"Razer Naga Driver"="e:\razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232].c:\users\Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - e:\hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 X6va005;X6va005;c:\users\Javier\AppData\Local\Temp\0052F5A.tmp [x]S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-07 3246040]S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;e:\logmein\x64\LMIGuardianSvc.exe [2011-09-26 375176]S2 LMIInfo;LogMeIn Kernel Information Provider;e:\logmein\x64\RaInfo.sys [2011-09-16 15928]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]S2 TunngleService;TunngleService;e:\tunngle\TnglCtrl.exe [2011-08-09 741224]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641578468-56870901-2788665423-1000Core.job- c:\users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 23:38].2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641578468-56870901-2788665423-1000UA.job- c:\users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 23:38]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LogMeIn GUI"="e:\logmein\x64\LogMeInSystray.exe" [2011-09-16 57928]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]"combofix"="c:\combofix\CF18287.3XE" [2010-11-21 345088].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080IE: Free YouTube to MP3 Converter - c:\users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmTCP: DhcpNameServer = 87.216.1.65 87.216.1.66FF - ProfilePath - c:\users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\FF - prefs.js: network.proxy.type - 0..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]"ImagePath"="\??\c:\users\Javier\AppData\Local\Temp\0052F5A.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Bonjour\mDNSResponder.exec:\windows\SysWOW64\PnkBstrA.exec:\windows\SysWOW64\UAService7.exec:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exec:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe.**************************************************************************.Completion time: 2011-11-16 17:38:11 - machine was rebootedComboFix-quarantined-files.txt 2011-11-16 16:38.Pre-Run: 27.760.738.304 bytes freePost-Run: 27.251.183.616 bytes free.- - End Of File - - B649878B80E94D96DE64365F604BE967 Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495254 Share Posted November 16, 2011 Also, im getting the following error message on various program startups: "Illegal operation attempted on a registry key that has been marked for deletion"Reboot your computer and then will be fine. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495255 Share Posted November 16, 2011 Reboot your computer and then will be fine.Yeah did that, now its fine.Should I do anything else or is that it? computer still feels a bit slugish. Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495256 Share Posted November 16, 2011 Meanwhile, please open www.virustotal.com and upload the following file:C:\Windows\NEXON_EU_DownloaderUpdater.exeWhen the scan finished, please copy&paste the link. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495262 Share Posted November 16, 2011 http://www.virustotal.com/file-scan/reanalysis.html?id=fdf6a15e87b9028f6c38620a77e5cc5f82582d3dd0c09e81dabb8d35621c0b61-1321464906Thanks. Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495277 Share Posted November 16, 2011 Thanks!Open Notepad and copy and paste the text in the code box below into it:Folder::c:\users\Javier\AppData\Local\7d1143f4Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.In your next post here, please include ComboFix.txt and let me know how are things there. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495288 Share Posted November 16, 2011 Things seem to be getting better, no sluginesh anymore, at least for now.Also not getting anymore blocked attempts by malware bytes.Thanks.ComboFix 11-11-15.06 - Javier 16/11/2011 20:12:30.2.8 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.1033.18.8169.5103 [GMT 1:00]Running from: e:\documents\ComboFix.exeCommand switches used :: e:\documents\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Javier\AppData\Local\7d1143f4c:\users\Javier\AppData\Local\7d1143f4\@..((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))..2011-11-16 19:14 . 2011-11-16 19:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2011-11-16 19:14 . 2011-11-16 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp2011-11-16 17:20 . 2011-11-16 17:20 -------- d-----w- c:\users\Javier\AppData\Roaming\Download Manager2011-11-16 10:20 . 2011-11-16 10:20 388096 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2011-11-16 05:09 . 2011-11-16 05:09 -------- d-----w- c:\windows\system32\Macromed2011-11-15 22:54 . 2011-11-15 22:54 -------- d-sh--w- c:\windows\system32\%APPDATA%2011-11-15 06:35 . 2011-11-16 17:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\offreg.dll2011-11-15 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D31AE10-2CF0-4D2C-A017-A8DA482FCD53}\mpengine.dll2011-11-13 10:43 . 2011-11-13 10:43 -------- d-----w- c:\windows\SysWow64\RTCOM2011-11-11 15:53 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll2011-11-10 20:53 . 2011-11-10 20:53 -------- d-----w- c:\program files (x86)\Origin Games2011-11-09 12:33 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll2011-11-09 12:33 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll2011-11-09 12:33 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-11-09 12:33 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys2011-10-31 19:35 . 2011-10-31 19:34 409 ----a-w- c:\users\Javier\Tunngle_restart.bat2011-10-26 14:51 . 2011-11-10 20:52 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins2011-10-26 09:19 . 2011-11-16 17:13 -------- d-----r- c:\users\Javier\Dropbox2011-10-26 09:18 . 2011-11-16 17:13 -------- d-----w- c:\users\Javier\AppData\Roaming\Dropbox2011-10-25 19:59 . 2011-10-25 19:59 -------- d-----w- c:\users\Javier\AppData\Roaming\Origin2011-10-25 19:59 . 2011-10-25 19:59 -------- d-----w- c:\users\Javier\AppData\Local\Origin2011-10-25 19:59 . 2011-10-26 09:50 -------- d-----w- c:\programdata\Origin2011-10-21 15:43 . 2011-10-21 15:43 -------- d-----w- c:\users\Javier\AppData\Local\LogMeIn2011-10-21 15:43 . 2011-09-26 16:17 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2011-10-21 15:43 . 2011-09-26 16:16 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll2011-10-21 15:43 . 2011-09-26 16:16 34688 ----a-w- c:\windows\system32\LMIport.dll2011-10-21 15:43 . 2011-09-16 13:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys2011-10-21 15:43 . 2011-09-26 16:16 80768 ----a-w- c:\windows\system32\LMIinit.dll2011-10-21 15:43 . 2011-11-16 16:36 -------- d-----w- c:\programdata\LogMeIn2011-10-19 19:35 . 2011-10-19 19:36 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys2011-10-19 19:35 . 2011-11-16 05:32 -------- d-----w- c:\users\Javier\AppData\Roaming\DAEMON Tools Lite2011-10-19 19:35 . 2011-10-19 19:35 -------- d-----w- c:\programdata\DAEMON Tools Lite2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut3_AF179E0CC236405CA1EFA46CF947F194.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut2_D6607052B9DB47B4AF253647598126AE.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\NewShortcut1_49B41568AE25455B9AB2C3635A6F635C.exe2011-10-18 21:10 . 2011-10-18 21:10 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{ED4108A9-60FD-4F18-AF42-122219977773}\ARPPRODUCTICON.exe2011-10-18 21:10 . 2011-10-18 21:10 -------- d-----w- c:\program files (x86)\Razer2011-10-18 21:09 . 2011-10-18 21:09 300408 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ARPPRODUCTICON.exe2011-10-18 21:09 . 2011-10-18 21:09 136568 ----a-r- c:\users\Javier\AppData\Roaming\Microsoft\Installer\{5A336D74-E680-4986-96F4-E9CEBC784F56}\ShortcutUpdater_DF0BD54B5FA14948AAC4D5BDB1FBFCF2.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-15 14:47 . 2011-07-06 20:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2011-11-15 14:47 . 2011-07-06 20:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2011-11-13 19:18 . 2011-07-06 20:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02011-10-27 02:28 . 2011-07-06 20:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe2011-10-15 08:53 . 2011-09-24 19:51 1533248 ----a-w- c:\windows\system32\nvdispco64.dll2011-10-15 08:53 . 2011-09-24 19:51 1454400 ----a-w- c:\windows\system32\nvgenco64.dll2011-10-15 08:53 . 2011-07-06 16:18 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll2011-10-15 08:53 . 2011-07-06 16:18 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll2011-10-15 08:53 . 2011-07-06 16:18 2808128 ----a-w- c:\windows\system32\nvapi64.dll2011-10-15 08:53 . 2011-07-06 16:18 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll2011-10-13 06:34 . 2011-07-06 20:13 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2011-09-22 22:41 . 2011-01-07 18:49 3074368 ----a-w- c:\windows\system32\nvsvcr.dll2011-09-16 13:10 . 2011-09-16 13:10 35616 ----a-w- c:\windows\system32\lmimirr.dll2011-09-16 13:10 . 2011-09-16 13:10 14624 ----a-w- c:\windows\system32\lmimirr2.dll2011-09-16 13:10 . 2011-09-16 13:10 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys2011-09-15 12:17 . 2011-09-15 12:17 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat2011-09-15 12:17 . 2011-09-15 12:17 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe2011-09-01 05:24 . 2011-10-13 01:00 2309120 ----a-w- c:\windows\system32\jscript9.dll2011-09-01 05:17 . 2011-10-13 01:00 1389056 ----a-w- c:\windows\system32\wininet.dll2011-09-01 05:12 . 2011-10-13 01:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb2011-09-01 02:35 . 2011-10-13 01:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll2011-09-01 02:28 . 2011-10-13 01:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll2011-09-01 02:22 . 2011-10-13 01:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2011-08-31 17:12 . 2011-10-17 12:53 1698408 ----a-w- c:\windows\RtlExUpd.dll2011-08-31 15:00 . 2011-07-06 17:08 25416 ----a-w- c:\windows\system32\drivers\mbam.sys2011-08-27 05:37 . 2011-10-12 22:41 861696 ----a-w- c:\windows\system32\oleaut32.dll2011-08-27 05:37 . 2011-10-12 22:41 331776 ----a-w- c:\windows\system32\oleacc.dll2011-08-27 04:26 . 2011-10-12 22:41 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll2011-08-27 04:26 . 2011-10-12 22:41 233472 ----a-w- c:\windows\SysWow64\oleacc.dll..((((((((((((((((((((((((((((( SnapShot@2011-11-16_16.37.01 ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-14 05:10 . 2011-11-16 17:15 34446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin+ 2011-07-06 16:01 . 2011-11-16 17:15 4440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3641578468-56870901-2788665423-1000_UserData.bin+ 2011-11-13 10:50 . 2011-11-16 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2011-11-13 10:50 . 2011-11-16 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2011-11-13 10:50 . 2011-11-16 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2009-07-14 02:36 . 2011-11-15 04:19 615810 c:\windows\system32\perfh009.dat+ 2009-07-14 02:36 . 2011-11-16 17:17 615810 c:\windows\system32\perfh009.dat- 2009-07-14 02:36 . 2011-11-15 04:19 106190 c:\windows\system32\perfc009.dat+ 2009-07-14 02:36 . 2011-11-16 17:17 106190 c:\windows\system32\perfc009.dat- 2011-07-06 16:03 . 2011-11-16 16:36 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-07-06 16:03 . 2011-11-16 17:12 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2011-07-06 16:03 . 2011-11-16 17:12 1933312 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2011-07-06 16:03 . 2011-11-16 16:36 1933312 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2009-07-14 04:54 . 2011-11-16 16:36 1605632 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2009-07-14 04:54 . 2011-11-16 17:12 1605632 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 94208 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-02-02 3872080]"DAEMON Tools Lite"="e:\daemon tools lite\DTLite.exe" [2011-08-02 4910912].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]"HP Software Update"="e:\hp\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]"Adobe Reader Speed Launcher"="e:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]"Razer Naga Driver"="e:\razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232].c:\users\Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-10-31 24241928].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - e:\hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 LMIInfo;LogMeIn Kernel Information Provider;e:\logmein\x64\RaInfo.sys [2011-09-16 15928]R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R3 X6va005;X6va005;c:\users\Javier\AppData\Local\Temp\0052F5A.tmp [x]S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-07 3246040]S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-03 918144]S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584]S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-05-31 210024]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;e:\logmein\x64\LMIGuardianSvc.exe [2011-09-26 375176]S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]S2 TunngleService;TunngleService;e:\tunngle\TnglCtrl.exe [2011-08-09 741224]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641578468-56870901-2788665423-1000Core.job- c:\users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 23:38].2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641578468-56870901-2788665423-1000UA.job- c:\users\Javier\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 23:38]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2011-10-31 21:02 97792 ----a-w- c:\users\Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LogMeIn GUI"="e:\logmein\x64\LogMeInSystray.exe" [2011-09-16 57928]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyServer = http=210.107.100.251:8080;https=210.107.100.251:8080;ftp=210.107.100.251:8080IE: Free YouTube to MP3 Converter - c:\users\Javier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htmTCP: DhcpNameServer = 87.216.1.65 87.216.1.66FF - ProfilePath - c:\users\Javier\AppData\Roaming\Mozilla\Firefox\Profiles\f50z0qws.default\FF - prefs.js: network.proxy.type - 0..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]"ImagePath"="\??\c:\users\Javier\AppData\Local\Temp\0052F5A.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2011-11-16 20:15:39ComboFix-quarantined-files.txt 2011-11-16 19:15ComboFix2.txt 2011-11-16 16:38.Pre-Run: 27.189.235.712 bytes freePost-Run: 27.135.246.336 bytes free.- - End Of File - - CDDE4852EF39EA8D46E9E47A7033DF99 Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495297 Share Posted November 16, 2011 Great! Some additional scans:Launch Malwarebytes' Anti-MalwareGo to Update" tab and select Check for Updates.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Next:Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicIn your next reply, please post the both of log files. Link to post Share on other sites More sharing options...
Serascel Posted November 16, 2011 Author ID:495344 Share Posted November 16, 2011 Cool, Thanks Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8178Windows 6.1.7601 Service Pack 1Internet Explorer 9.0.8112.1642116/11/2011 21:42:20mbam-log-2011-11-16 (21-42-20).txtScan type: Quick scanObjects scanned: 189974Time elapsed: 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)------ESETSmartInstaller@High as CAB hook log:OnlineScanner64.ocx - registred OKOnlineScanner.ocx - registred OK# version=7# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)# OnlineScanner.ocx=1.0.0.6583# api_version=3.0.2# EOSSerial=164169e869b3a94d80c69171d6d3b2cc# end=finished# remove_checked=true# archives_checked=true# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-11-16 10:25:51# local_time=2011-11-16 11:25:51 (+0100, Romance Standard Time)# country="Spain"# lang=1033# osver=6.1.7601 NT Service Pack 1# compatibility_mode=512 16777215 100 0 0 0 0 0# compatibility_mode=5893 16776573 100 94 141072 73106231 0 0# compatibility_mode=8192 67108863 100 0 3761 3761 0 0# scanned=167720# found=10# cleaned=10# scan_time=5970C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.D trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 CE:\Documents\BitLord\Downloads\Windows.7.HomePremium+Ultimate.SP1.32-64Bit.(2011-06-18)\Windows.7.HomePremium+Ultimate.SP1.32-64Bit.(2011-06-18).iso Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 CE:\My Documents\Downloads\SoftonicDownloader_para_daemon-tools.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CE:\My Documents\Downloads\SoftonicDownloader_para_picaloader.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CE:\Sony\Vegas Pro 9.0\Keygen.exe a variant of Win32/Keygen.AR application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CF:\ASI\SEGUNDO ASI\Jorge- Sistemas\ISOS\MultiBoot CD o8o815.iso multiple threats (deleted - quarantined) 00000000000000000000000000000000 CF:\ASI\SEGUNDO ASI\Jorge- Sistemas\ISOS\Win Xp Sp3.iso Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 CF:\Programas\MAYA\Autodesk Maya 2011 64-Bits\Activador (Keygen X-Force)(64-Bits)\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CF:\Programas\MAYA\Autodesk Maya 2011 64-Bits\Instrucciones Maya 2010 x64Bits\Activador\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CF:\Programas\MAYA\Maya2010x32\Maya2010x32 Reloaded By_pipe109\Autodesk Maya 2010 32-Bits\Keygen\xf-maya2010x32.exe a variant of Win32/Keygen.BL application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Link to post Share on other sites More sharing options...
Maniac Posted November 17, 2011 ID:495466 Share Posted November 17, 2011 How are things now? Link to post Share on other sites More sharing options...
Serascel Posted November 17, 2011 Author ID:495517 Share Posted November 17, 2011 Sorry for the late reply,Everythings running smooth again, 0 problems so far.Thanks a lot mate! Link to post Share on other sites More sharing options...
Maniac Posted November 17, 2011 ID:495583 Share Posted November 17, 2011 I have good news for you => You're system is clean! :thumbsup:Here are some tips to prevent future malware problems:You need to ensure that you have the latest versions of: Adobe Reader and Java. Before you download and install the latest versions is important to uninstall them, so for this purpose: Click Start => Control Panel => Add or Remove Programs highlight them and click on Remove button. Next, click on each of the programs to download it:Adobe ReaderJavaSlowly and carefully install applications and then restart your computer.Go to Start => Run... and copy & paste next command in the field:ComboFix /uninstallThen hit Enter button.This procedure will do the following:Uninstall ComboFixDelete its related folders and filesReset your clock settingsHide file extensionsHide the system/hidden filesResets System Restore againNote: Make sure there's a space between ComboFix and /uninstallAt this stage, you don't need the online scanner, so:To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.Please manually delete DDS.Some quick tips:Antivirus software - I see that you have no antivirus install on your system, so take a look here more closely. It's always necessary. Always updated antivirus program will save you many future problems. Here some good free antivirus solutions:avast! Free AntivirusAvira AntiVir PersonalMicrosoft Security Essentials[*]Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed such as:Google ChromeOpera Browser[*]Program updates - Updating the software is really important for the productivity, but also for their security. Here is an application that will help in checking the new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.[*]Clear old system restore points - Once your system is infected as a result there will be infected restore points that need to be cleaned.Open Start => All Programs => Accessories => System tools => Disk Cleanup.In the Drop down box that appears select your main drive e.g. C:\Click OK.The System will do some calculation and display a dialogue box with TABS. Select the More Options tab.At the bottom will be a system restore box with a CLEANUP button. Click on it. Accept the Warning and select OK again, the program will close and you are done.[*]Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point to restore your system to an earlier stage in case you get a problem. Do the following:Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.In the System Restore dialog box, click Create a restore point, and then click Next.Type a description for your restore point, such as "After Cleanup", then click Create.Safe surfing! Link to post Share on other sites More sharing options...
Serascel Posted November 17, 2011 Author ID:495590 Share Posted November 17, 2011 Cool, did most, not too fond of antiviruses .Thanks a lot, for the help and for your time. Link to post Share on other sites More sharing options...
Maniac Posted November 17, 2011 ID:495600 Share Posted November 17, 2011 You're welcome! Link to post Share on other sites More sharing options...
LDTate Posted November 17, 2011 ID:495650 Share Posted November 17, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts