
Java Virus Throttling Internet


This topic is locked
21 replies to this topic

#1 McSpermie
  • Members
  • 11 posts

Posted 05 January 2012 - 05:35 PM

Hello, for the past couple of weeks I have experienced my internet dropping out every 5 or so minutes for about 30 seconds each time. When I would download mods for some games I play, they would go much slower than usual and even stop for a while. At first I thought it was my router or modem, but my laptop was not experiencing this issue and my ISP said their connection to the modem has been completely stable. I was also receiving blue screens at completely random times. So I asked for some advice and was told to try the Kaspersky boot-up program, and it found something. I thought the issue was addressed because my speeds were back to normal and the blue screens had stopped, but my internet would still drop out every 5 minutes. So then I ran the AVG boot-up program and it found something as well. However, I didn't notice any difference after using AVG. Not sure what course of action to take; a friend of mine recommended ComboFix. I'm aware I shouldn't have used it without being asked to by someone on this forum, but did so anyway. I'm sorry about that. Anyway, it ran and found a few files, deleted them, and rebooted the computer. Afterwards, the computer is now going at the proper speeds that it used to before the virus, and is even dropping out less frequently, but I'm still experiencing web pages not loading for a while and downloads halting.
I do not know if ComboFix got rid of the virus and it left behind some nasty effects, or if the virus is even still on my computer. Either way, I'm not too sure what to do. Any help would be appreciated. I am running Windows 7 Ultimate 64-bit.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Persona at 14:11:12 on 2012-01-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2475 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
I:\Programs\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
I:\Games\Steam\Steam.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
I:\Programs\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
I:\Programs\Logitech\SetPointG\SetPointII.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
I:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local;*.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - I:\Programs\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "I:\Games\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "I:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "I:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - P:\WINDOW~1\Programs\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80EF8BC1-294B-4651-9141-16858C7B3297} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Programs\Microsoft Office\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "I:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Persona\AppData\Roaming\Mozilla\Firefox\Profiles\ypylqcfv.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Persona\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Persona\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Persona\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: I:\Programs\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: I:\Programs\Microsoft Office\Office14\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 MBAMService;MBAMService;I:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-29 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-23 2253120]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\system32\drivers\hppdbulkio.sys --> C:\Windows\system32\drivers\hppdbulkio.sys [?]
R3 HPFXFAX;HPFXFAX;C:\Windows\system32\drivers\hppdfaxio.sys --> C:\Windows\system32\drivers\hppdfaxio.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?]
.
=============== Created Last 30 ================
.
2012-01-05 07:17:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-05 07:13:15 98816 ----a-w- C:\Windows\sed.exe
2012-01-05 07:13:15 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-05 07:13:15 256000 ----a-w- C:\Windows\PEV.exe
2012-01-05 07:13:15 208896 ----a-w- C:\Windows\MBR.exe
2012-01-05 07:13:11 -------- d-----w- C:\ComboFix
2012-01-05 05:40:26 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-02 01:11:34 51712 ----a-w- C:\Windows\System32\drivers\RtTeam60.sys
2012-01-02 01:11:34 27136 ----a-w- C:\Windows\System32\drivers\RtNdPt60.sys
2012-01-02 01:11:34 24064 ----a-w- C:\Windows\System32\drivers\RtVlan60.sys
2012-01-02 01:11:34 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-02 01:06:19 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-01-02 01:06:19 -------- d-----w- C:\Users\Persona\AppData\Local\eSupport.com
2011-12-28 10:01:42 -------- d-----w- C:\Users\Persona\AppData\Local\FNV_Save_Manager
2011-12-28 10:01:41 -------- d-----w- C:\Users\Persona\AppData\Roaming\New Vegas Save Manager
2011-12-27 08:33:01 -------- d-----w- C:\ProgramData\MediaMonkey
2011-12-27 08:32:59 -------- d-----w- C:\Users\Persona\AppData\Roaming\MediaMonkey
2011-12-26 05:39:02 -------- d-----w- C:\Users\Persona\AppData\Roaming\Ubisoft
2011-12-25 00:19:30 -------- d-----w- C:\Users\Persona\AppData\Local\Ubisoft Game Launcher
2011-12-25 00:18:52 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-12-22 03:27:51 -------- d-----w- C:\Program Files (x86)\AMD
2011-12-22 03:27:50 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-12-22 03:27:50 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-12-22 03:27:50 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-12-22 03:27:50 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2011-12-22 03:27:50 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2011-12-22 03:27:49 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2011-12-22 03:27:49 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-12-22 03:27:49 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-12-21 05:15:07 -------- d-----w- C:\Users\Persona\AppData\Roaming\Stellarium
2011-12-21 00:01:50 -------- d-----w- C:\Users\Persona\AppData\Roaming\Doublefine
2011-12-21 00:00:57 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-12-21 00:00:57 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-12-21 00:00:57 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2011-12-21 00:00:57 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2011-12-21 00:00:57 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-12-21 00:00:57 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2011-12-21 00:00:56 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2011-12-21 00:00:56 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-12-19 20:17:44 -------- d-----w- C:\Users\Persona\AppData\Local\Fallout3
2011-12-17 11:59:40 -------- d-----w- C:\Users\Persona\AppData\Local\Black_Tree_Gaming
2011-12-17 05:55:39 1347344 ----a-w- C:\Windows\system\Msvbvm50.dll
2011-12-09 19:56:40 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-08 07:48:25 -------- d-----w- C:\GarrAT_Uninstall
2011-12-08 07:36:08 -------- d-----w- C:\Program Files (x86)\Thief - Deadly Shadows
.
==================== Find3M ====================
.
2012-01-05 05:39:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 20:55:24 151552 ----a-w- C:\Windows\KMSEmulator.exe_1325709414.arl
2011-12-26 07:46:04 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-26 07:46:04 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-26 06:54:00 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-25 00:18:53 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-18 18:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:11:25.17 ===============

Edited by McSpermie, 05 January 2012 - 05:38 PM.
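The Pseudo HJT Report section of the DDS log above is the part a responder reads by eye, and it carries the most security-relevant lines in the post: the mPolicies-system entries show the UAC policy values EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all forced to 0, the TB entry {47833539-D0C5-4125-9FA8-0819E2EAAC93} points at a file that no longer exists, the SP line reports Windows Defender as outdated, and one autorun launches from the user's AppData folder. The script below is an added example for this page, not code from the original post or from the DDS tool; it encodes those four checks as rules over DDS-formatted lines. The regexes follow the line formats visible in the log; the sample input is excerpted from the log above (lightly trimmed); the severity labels and the rule set are this example's own choices.

```python
"""Triage rules for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not code from the original post nor
from the DDS tool. The regexes follow the line formats visible in the log
above; the severity labels and the rule set are this example's own choice.
"""
import re

# Line formats as they appear in the DDS "Pseudo HJT Report" section.
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+) \(0x[0-9A-Fa-f]+\)$")
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|BHO-X64|TB-X64): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SP_RE = re.compile(r"^SP: (?P<name>.+?) \*(?P<state>[^*]+)\*")

# Registry values (HKLM\...\Policies\System) at which UAC no longer prompts
# or is switched off outright. DDS prints them as "key = N (0xN)".
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def command_path(cmd):
    """Return the executable path from a Run-key command, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    i = cmd.lower().find(".exe")
    return cmd[: i + 4] if i != -1 else cmd.split(" ")[0]


def triage(log_text):
    """Return (severity, message) findings for a DDS Pseudo HJT section."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            if UAC_WEAK.get(m["key"]) == m["val"]:
                findings.append(("high", f"UAC weakened: {m['key']}={m['val']}"))
            continue
        m = ADDON_RE.match(line)
        if m:
            if m["path"].strip() == "No File":
                findings.append(("low", f"orphaned {m['kind']} {m['clsid']} (No File)"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = command_path(m["cmd"])
            if "\\appdata\\" in path.lower():
                findings.append(("medium", f"autorun '{m['name']}' runs from user profile: {path}"))
            continue
        m = SP_RE.match(line)
        if m and "outdated" in m["state"].lower():
            findings.append(("medium", f"{m['name']} is {m['state']}"))
    return findings


def worst(findings):
    """Highest severity present, or None for a clean section."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((s for s, _ in findings), key=order.get, default=None)


# Lines excerpted from the first DDS log in this thread (lightly trimmed).
SAMPLE = r"""
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"[{severity}] {message}")
```

A finding is a prompt to look closer, not a verdict: Akamai NetSession installs per-user by design, and uTorrent and DAEMON Tools are legitimately present on this machine. The three UAC values are the line that matters most for remediation, since with EnableLUA = 0 UAC is off entirely and anything an administrator account runs gets the full token with no prompt, which is also why the log should be re-read after cleanup to confirm those values have been restored.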


#2 HelpBot
    Bleepin' Binary Bot
  • Bots
  • 12,600 posts

Posted 11 January 2012 - 05:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/436462 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 McSpermie
  • Topic Starter
  • Members
  • 11 posts

Posted 11 January 2012 - 06:15 PM

As instructed, I haven't made any attempts to remove the virus myself once I made the post on this forum. In the past couple of days, the virus seems to have gotten worse and I am now getting blue screens again. I do have a copy of Windows 7 Ultimate 64-bit available. However, I would really prefer not to reinstall Windows. Again, I currently have Windows 7 Ultimate 64-bit installed. Thanks in advance; I really appreciate the efforts by this site to help people and understand why it takes a while to respond.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_30
Run by Persona at 15:04:36 on 2012-01-11
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2265 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
I:\Programs\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
I:\Games\Steam\Steam.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
I:\Programs\DAEMON Tools Lite\DTLite.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
I:\Programs\Logitech\SetPointG\SetPointII.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
I:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = local;*.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - I:\Programs\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Steam] "I:\Games\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "I:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "I:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - P:\WINDOW~1\Programs\MICROS~1\Office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{80EF8BC1-294B-4651-9141-16858C7B3297} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Programs\Microsoft Office\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "I:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Persona\AppData\Roaming\Mozilla\Firefox\Profiles\ypylqcfv.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Persona\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Persona\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Persona\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: I:\Programs\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: I:\Programs\Microsoft Office\Office14\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 MBAMService;MBAMService;I:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-29 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-23 2253120]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\system32\drivers\hppdbulkio.sys --> C:\Windows\system32\drivers\hppdbulkio.sys [?]
R3 HPFXFAX;HPFXFAX;C:\Windows\system32\drivers\hppdfaxio.sys --> C:\Windows\system32\drivers\hppdfaxio.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVLAN60.sys --> C:\Windows\system32\DRIVERS\RtVLAN60.sys [?]
.
=============== Created Last 30 ================
.
2012-01-10 23:13:10 -------- d-----w- C:\Users\Persona\AppData\Local\Woutre
2012-01-05 07:17:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-05 07:13:15 98816 ----a-w- C:\Windows\sed.exe
2012-01-05 07:13:15 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-05 07:13:15 256000 ----a-w- C:\Windows\PEV.exe
2012-01-05 07:13:15 208896 ----a-w- C:\Windows\MBR.exe
2012-01-05 07:13:11 -------- d-----w- C:\ComboFix
2012-01-05 05:40:26 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-01-02 01:11:34 51712 ----a-w- C:\Windows\System32\drivers\RtTeam60.sys
2012-01-02 01:11:34 27136 ----a-w- C:\Windows\System32\drivers\RtNdPt60.sys
2012-01-02 01:11:34 24064 ----a-w- C:\Windows\System32\drivers\RtVlan60.sys
2012-01-02 01:11:34 -------- d-----w- C:\Program Files (x86)\Realtek
2012-01-02 01:06:19 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2012-01-02 01:06:19 -------- d-----w- C:\Users\Persona\AppData\Local\eSupport.com
2011-12-28 10:01:42 -------- d-----w- C:\Users\Persona\AppData\Local\FNV_Save_Manager
2011-12-28 10:01:41 -------- d-----w- C:\Users\Persona\AppData\Roaming\New Vegas Save Manager
2011-12-27 08:33:01 -------- d-----w- C:\ProgramData\MediaMonkey
2011-12-27 08:32:59 -------- d-----w- C:\Users\Persona\AppData\Roaming\MediaMonkey
2011-12-26 05:39:02 -------- d-----w- C:\Users\Persona\AppData\Roaming\Ubisoft
2011-12-25 00:19:30 -------- d-----w- C:\Users\Persona\AppData\Local\Ubisoft Game Launcher
2011-12-25 00:18:52 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-12-22 03:27:51 -------- d-----w- C:\Program Files (x86)\AMD
2011-12-22 03:27:50 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2011-12-22 03:27:50 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2011-12-22 03:27:50 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2011-12-22 03:27:50 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2011-12-22 03:27:50 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2011-12-22 03:27:49 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2011-12-22 03:27:49 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2011-12-22 03:27:49 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2011-12-21 05:15:07 -------- d-----w- C:\Users\Persona\AppData\Roaming\Stellarium
2011-12-21 00:01:50 -------- d-----w- C:\Users\Persona\AppData\Roaming\Doublefine
2011-12-21 00:00:57 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2011-12-21 00:00:57 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2011-12-21 00:00:57 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2011-12-21 00:00:57 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2011-12-21 00:00:57 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2011-12-21 00:00:57 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2011-12-21 00:00:56 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2011-12-21 00:00:56 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2011-12-19 20:17:44 -------- d-----w- C:\Users\Persona\AppData\Local\Fallout3
2011-12-17 11:59:40 -------- d-----w- C:\Users\Persona\AppData\Local\Black_Tree_Gaming
2011-12-17 05:55:39 1347344 ----a-w- C:\Windows\system\Msvbvm50.dll
.
==================== Find3M ====================
.
2012-01-05 05:39:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 20:55:24 151552 ----a-w- C:\Windows\KMSEmulator.exe_1325709414.arl
2011-12-26 07:46:04 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-26 07:46:04 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-26 06:54:00 280976 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-25 00:18:53 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-09 19:56:40 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-11-18 18:18:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:04:48.62 ===============

Attached Files



#4 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 January 2012 - 01:24 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 McSpermie
  • Topic Starter
  • Members
  • 11 posts

Posted 12 January 2012 - 01:50 AM

Here is my log from Combofix:


ComboFix 12-01-11.01 - Persona 01/11/2012 22:41:16.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2906 [GMT -8:00]
Running from: c:\users\Persona\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 06:43 . 2012-01-12 06:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-12 06:43 . 2012-01-12 06:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 05:40 . 2012-01-05 05:40 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-05 05:40 . 2012-01-05 05:40 -------- d-----w- c:\program files\Java
2012-01-05 05:40 . 2012-01-05 05:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-02 01:11 . 2012-01-02 01:11 -------- d-----w- c:\program files (x86)\Realtek
2012-01-02 01:11 . 2009-12-21 15:39 51712 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2012-01-02 01:11 . 2009-07-20 02:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2012-01-02 01:11 . 2007-12-03 02:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2012-01-02 01:06 . 2012-01-02 01:10 -------- d-----w- c:\users\Persona\AppData\Local\eSupport.com
2012-01-02 01:06 . 2012-01-02 01:06 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-28 10:01 . 2011-12-28 10:01 -------- d-----w- c:\users\Persona\AppData\Local\FNV_Save_Manager
2011-12-28 10:01 . 2011-12-28 10:01 -------- d-----w- c:\users\Persona\AppData\Roaming\New Vegas Save Manager
2011-12-27 08:33 . 2011-12-27 21:45 -------- d-----w- c:\programdata\MediaMonkey
2011-12-27 08:32 . 2012-01-06 04:02 -------- d-----w- c:\users\Persona\AppData\Roaming\MediaMonkey
2011-12-26 05:39 . 2011-12-26 05:39 -------- d-----w- c:\users\Persona\AppData\Roaming\Ubisoft
2011-12-25 00:19 . 2011-12-25 00:29 -------- d-----w- c:\users\Persona\AppData\Local\Ubisoft Game Launcher
2011-12-25 00:18 . 2011-12-25 00:18 -------- d-----w- c:\program files (x86)\Ubisoft
2011-12-25 00:18 . 2011-12-24 11:07 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-12-22 03:27 . 2011-12-22 03:27 -------- d-----w- c:\program files (x86)\AMD
2011-12-22 03:27 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-22 03:27 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-12-22 03:27 . 2010-06-02 12:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-12-22 03:27 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-21 05:15 . 2011-12-21 05:15 -------- d-----w- c:\users\Persona\AppData\Roaming\Stellarium
2011-12-21 00:01 . 2011-12-21 00:01 -------- d-----w- c:\users\Persona\AppData\Roaming\Doublefine
2011-12-21 00:00 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-12-21 00:00 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-12-21 00:00 . 2010-06-02 12:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-12-21 00:00 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-12-19 20:17 . 2011-12-23 04:06 -------- d-----w- c:\users\Persona\AppData\Local\Fallout3
2011-12-17 11:59 . 2012-01-05 08:47 -------- d-----w- c:\users\Persona\AppData\Local\Black_Tree_Gaming
2011-12-17 05:55 . 1997-07-20 00:55 1347344 ----a-w- c:\windows\system\Msvbvm50.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 05:39 . 2011-04-01 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 20:55 . 2011-04-22 02:25 151552 ----a-w- c:\windows\KMSEmulator.exe_1325709414.arl
2011-12-26 07:46 . 2011-03-30 00:41 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-26 07:46 . 2011-03-29 21:08 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-26 06:54 . 2011-03-29 21:08 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-25 00:18 . 2011-03-29 21:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-10 23:24 . 2011-03-20 02:06 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 19:56 . 2011-12-09 19:56 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-09 19:54 . 2011-03-20 03:52 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-18 18:18 . 2011-07-02 09:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-11-10 20:01 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-10 20:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-10 20:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-10 20:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-10 20:01 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-10 20:01 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-10 20:01 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-10 20:01 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-10 20:01 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-10 20:01 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-10 20:01 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-10 20:01 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-10 20:01 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-10 20:01 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-10 20:01 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-08-10 01:45 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-08-10 01:45 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-08-10 01:45 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-04-08 06:19 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-08 06:19 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-04-08 06:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-08 06:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-08 06:19 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-03-19 22:45 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-03-19 22:45 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-03-19 22:45 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-01-08 03:48 137536 ----a-w- c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_07.17.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-19 22:49 . 2012-01-12 06:41 47348 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-12 06:41 32108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-19 22:40 . 2012-01-12 06:41 15756 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723812288-2571569341-1765413396-1001_UserData.bin
- 2009-07-14 05:30 . 2012-01-05 06:14 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-05 07:49 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-03-19 22:32 . 2012-01-05 06:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-19 22:32 . 2012-01-11 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-19 22:32 . 2012-01-05 06:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-19 22:32 . 2012-01-11 22:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-11 22:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-05 06:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-05 07:37 63936 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-03-19 22:40 . 2012-01-12 06:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-19 22:40 . 2012-01-05 07:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-19 22:40 . 2012-01-12 06:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-19 22:40 . 2012-01-05 07:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-10 11:16 . 2012-01-10 11:16 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-01-05 07:56 . 2012-01-05 07:56 9560 c:\windows\system32\NetworkList\Icons\{BC843D01-8D18-43A6-96CD-300DC289997F}_48.bin
+ 2012-01-05 07:56 . 2012-01-05 07:56 4280 c:\windows\system32\NetworkList\Icons\{BC843D01-8D18-43A6-96CD-300DC289997F}_32.bin
+ 2012-01-05 07:56 . 2012-01-05 07:56 2456 c:\windows\system32\NetworkList\Icons\{BC843D01-8D18-43A6-96CD-300DC289997F}_24.bin
+ 2012-01-12 06:44 . 2012-01-12 06:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-05 07:17 . 2012-01-05 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-05 07:17 . 2012-01-05 07:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-12 06:44 . 2012-01-12 06:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-01-11 21:40 662632 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-05 06:01 662632 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-05 06:01 121500 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-11 21:40 121500 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-01-05 07:49 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-05 06:14 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:01 . 2012-01-05 07:16 407096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-12 06:43 407096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-01 23:45 . 2012-01-01 23:45 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-07-14 02:34 . 2012-01-05 06:13 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-11 22:38 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 04:45 . 2012-01-05 07:19 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-16 19:27 3606945 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-01-01 23:45 . 2012-01-01 23:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-01-01 23:45 . 2012-01-01 23:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-01-10 11:16 . 2012-01-10 11:16 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-21 04:43 . 2012-01-12 06:43 57738660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1723812288-2571569341-1765413396-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528]
"Steam"="i:\games\Steam\steam.exe" [2011-09-23 1242448]
"Akamai NetSession Interface"="c:\users\Persona\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="i:\programs\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="i:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 MBAMService;MBAMService;i:\programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [x]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723812288-2571569341-1765413396-1001Core.job
- c:\users\Persona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 23:52]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723812288-2571569341-1765413396-1001UA.job
- c:\users\Persona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 23:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"EvtMgr6"="i:\programs\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - p:\window~1\Programs\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Persona\AppData\Roaming\Mozilla\Firefox\Profiles\ypylqcfv.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1723812288-2571569341-1765413396-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ff,94,7e,33,a4,3b,2b,21,a5,80,83,61,05,24,0f,cb,8c,dc,2b,51,e8,38,fd,
11,66,0e,ff,c9,26,e2,ed,96,1c,9e,38,ce,98,ba,4d,00,a5,18,cb,8a,a7,42,25,39,\
"??"=hex:47,98,4b,31,af,12,06,c3,ea,cc,d5,9c,d0,0e,72,dc
.
[HKEY_USERS\S-1-5-21-1723812288-2571569341-1765413396-1001\Software\SecuROM\License information*]
"datasecu"=hex:e6,77,ec,fe,b1,33,9a,74,8b,9d,ad,af,c9,02,f8,bd,3b,c4,06,dc,ac,
03,06,a5,05,c4,a4,fa,39,2d,a0,d9,0e,fd,f8,bb,1b,d6,05,85,6b,35,84,fb,ef,0b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-01-11 22:45:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 06:45
ComboFix2.txt 2012-01-05 07:18
.
Pre-Run: 7,227,162,624 bytes free
Post-Run: 7,494,979,584 bytes free
.
- - End Of File - - 8EB7ABC88B575BC2043DB95C422DBD42


Combofix ran perfectly, after it finished scanning it rebooted the computer. I will have to use the computer for a while to see if the internet is back to normal, but for now it seems pretty good. However, this happened the first time I ran Combofix. So maybe the log can tell you something useful for a next course of action. Thank you Gringo, I really appreciate it.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:54 AM

Posted 12 January 2012 - 01:59 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#7 McSpermie

McSpermie
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:54 AM

Posted 12 January 2012 - 02:07 AM

23:05:02.0673 5096 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
23:05:03.0113 5096 ============================================================
23:05:03.0113 5096 Current date / time: 2012/01/11 23:05:03.0113
23:05:03.0113 5096 SystemInfo:
23:05:03.0113 5096
23:05:03.0113 5096 OS Version: 6.1.7600 ServicePack: 0.0
23:05:03.0113 5096 Product type: Workstation
23:05:03.0113 5096 ComputerName: POWERTOWER
23:05:03.0113 5096 UserName: Persona
23:05:03.0113 5096 Windows directory: C:\Windows
23:05:03.0113 5096 System windows directory: C:\Windows
23:05:03.0113 5096 Running under WOW64
23:05:03.0113 5096 Processor architecture: Intel x64
23:05:03.0113 5096 Number of processors: 4
23:05:03.0113 5096 Page size: 0x1000
23:05:03.0113 5096 Boot type: Normal boot
23:05:03.0113 5096 ============================================================
23:05:03.0473 5096 Drive \Device\Harddisk0\DR0 - Size: 0x7745D6000, SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:05:03.0473 5096 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:05:03.0493 5096 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:05:03.0503 5096 Drive \Device\Harddisk3\DR3 - Size: 0xAEA8CDE000, SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
23:05:03.0523 5096 Drive \Device\Harddisk4\DR4 - Size: 0x1DB1C1000, SectorSize: 0x1000, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:05:03.0553 5096 Initialize success
23:05:12.0513 4728 ============================================================
23:05:12.0513 4728 Scan started
23:05:12.0513 4728 Mode: Manual;
23:05:12.0513 4728 ============================================================
23:05:12.0663 4728 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:05:12.0673 4728 1394ohci - ok
23:05:12.0683 4728 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:05:12.0683 4728 ACPI - ok
23:05:12.0693 4728 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:05:12.0693 4728 AcpiPmi - ok
23:05:12.0713 4728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:05:12.0713 4728 adp94xx - ok
23:05:12.0723 4728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:05:12.0733 4728 adpahci - ok
23:05:12.0743 4728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:05:12.0743 4728 adpu320 - ok
23:05:12.0763 4728 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
23:05:12.0763 4728 AFD - ok
23:05:12.0773 4728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:05:12.0773 4728 agp440 - ok
23:05:12.0783 4728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:05:12.0783 4728 aliide - ok
23:05:12.0803 4728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:05:12.0803 4728 amdide - ok
23:05:12.0813 4728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:05:12.0813 4728 AmdK8 - ok
23:05:12.0823 4728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:05:12.0823 4728 AmdPPM - ok
23:05:12.0833 4728 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
23:05:12.0833 4728 amdsata - ok
23:05:12.0843 4728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:05:12.0853 4728 amdsbs - ok
23:05:12.0853 4728 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
23:05:12.0853 4728 amdxata - ok
23:05:12.0873 4728 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:05:12.0873 4728 AppID - ok
23:05:12.0883 4728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:05:12.0883 4728 arc - ok
23:05:12.0893 4728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:05:12.0893 4728 arcsas - ok
23:05:12.0923 4728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:05:12.0923 4728 AsyncMac - ok
23:05:12.0933 4728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:05:12.0933 4728 atapi - ok
23:05:12.0953 4728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:05:12.0953 4728 b06bdrv - ok
23:05:12.0973 4728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:05:12.0973 4728 b57nd60a - ok
23:05:12.0993 4728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:05:12.0993 4728 Beep - ok
23:05:13.0003 4728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:05:13.0003 4728 blbdrive - ok
23:05:13.0023 4728 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
23:05:13.0023 4728 bowser - ok
23:05:13.0023 4728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:05:13.0033 4728 BrFiltLo - ok
23:05:13.0033 4728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:05:13.0033 4728 BrFiltUp - ok
23:05:13.0053 4728 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:05:13.0053 4728 BridgeMP - ok
23:05:13.0063 4728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:05:13.0073 4728 Brserid - ok
23:05:13.0073 4728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:05:13.0073 4728 BrSerWdm - ok
23:05:13.0093 4728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:05:13.0093 4728 BrUsbMdm - ok
23:05:13.0103 4728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:05:13.0103 4728 BrUsbSer - ok
23:05:13.0113 4728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:05:13.0113 4728 BTHMODEM - ok
23:05:13.0113 4728 catchme - ok
23:05:13.0133 4728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:05:13.0133 4728 cdfs - ok
23:05:13.0143 4728 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:05:13.0143 4728 cdrom - ok
23:05:13.0153 4728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:05:13.0153 4728 circlass - ok
23:05:13.0173 4728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:05:13.0173 4728 CLFS - ok
23:05:13.0183 4728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:05:13.0193 4728 CmBatt - ok
23:05:13.0193 4728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:05:13.0193 4728 cmdide - ok
23:05:13.0323 4728 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
23:05:13.0333 4728 CNG - ok
23:05:13.0343 4728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:05:13.0343 4728 Compbatt - ok
23:05:13.0353 4728 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:05:13.0353 4728 CompositeBus - ok
23:05:13.0373 4728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:05:13.0373 4728 crcdisk - ok
23:05:13.0393 4728 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
23:05:13.0393 4728 CSC - ok
23:05:13.0413 4728 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
23:05:13.0413 4728 DfsC - ok
23:05:13.0423 4728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:05:13.0423 4728 discache - ok
23:05:13.0433 4728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:05:13.0433 4728 Disk - ok
23:05:13.0453 4728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:05:13.0453 4728 drmkaud - ok
23:05:13.0463 4728 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:05:13.0463 4728 dtsoftbus01 - ok
23:05:13.0483 4728 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:05:13.0493 4728 DXGKrnl - ok
23:05:13.0533 4728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:05:13.0563 4728 ebdrv - ok
23:05:13.0583 4728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:05:13.0593 4728 elxstor - ok
23:05:13.0593 4728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:05:13.0593 4728 ErrDev - ok
23:05:13.0613 4728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:05:13.0613 4728 exfat - ok
23:05:13.0633 4728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:05:13.0633 4728 fastfat - ok
23:05:13.0643 4728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:05:13.0643 4728 fdc - ok
23:05:13.0653 4728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:05:13.0653 4728 FileInfo - ok
23:05:13.0673 4728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:05:13.0673 4728 Filetrace - ok
23:05:13.0673 4728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:05:13.0673 4728 flpydisk - ok
23:05:13.0693 4728 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:05:13.0693 4728 FltMgr - ok
23:05:13.0713 4728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:05:13.0713 4728 FsDepends - ok
23:05:13.0723 4728 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:05:13.0723 4728 Fs_Rec - ok
23:05:13.0733 4728 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:05:13.0733 4728 fvevol - ok
23:05:13.0743 4728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:05:13.0743 4728 gagp30kx - ok
23:05:13.0753 4728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:05:13.0753 4728 GEARAspiWDM - ok
23:05:13.0763 4728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:05:13.0763 4728 hcw85cir - ok
23:05:13.0783 4728 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:05:13.0783 4728 HdAudAddService - ok
23:05:13.0793 4728 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:05:13.0793 4728 HDAudBus - ok
23:05:13.0803 4728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:05:13.0803 4728 HidBatt - ok
23:05:13.0813 4728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:05:13.0823 4728 HidBth - ok
23:05:13.0823 4728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:05:13.0823 4728 HidIr - ok
23:05:13.0843 4728 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:05:13.0843 4728 HidUsb - ok
23:05:13.0863 4728 HPFXBULKLEDM (e325f85012e793cee74b73c4f22ae311) C:\Windows\system32\drivers\hppdbulkio.sys
23:05:13.0863 4728 HPFXBULKLEDM - ok
23:05:13.0873 4728 HPFXFAX (aa2790dda5ebe22fe5aac11da1103e5b) C:\Windows\system32\drivers\hppdfaxio.sys
23:05:13.0873 4728 HPFXFAX - ok
23:05:13.0883 4728 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:05:13.0883 4728 HpSAMD - ok
23:05:13.0903 4728 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:05:13.0903 4728 HTTP - ok
23:05:13.0913 4728 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:05:13.0913 4728 hwpolicy - ok
23:05:13.0923 4728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:05:13.0923 4728 i8042prt - ok
23:05:13.0943 4728 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
23:05:13.0953 4728 iaStorV - ok
23:05:13.0953 4728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:05:13.0963 4728 iirsp - ok
23:05:13.0973 4728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:05:13.0973 4728 intelide - ok
23:05:13.0983 4728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:05:13.0983 4728 intelppm - ok
23:05:13.0993 4728 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:13.0993 4728 IpFilterDriver - ok
23:05:14.0003 4728 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:05:14.0003 4728 IPMIDRV - ok
23:05:14.0023 4728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:05:14.0023 4728 IPNAT - ok
23:05:14.0033 4728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:05:14.0033 4728 IRENUM - ok
23:05:14.0033 4728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:05:14.0043 4728 isapnp - ok
23:05:14.0053 4728 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:05:14.0053 4728 iScsiPrt - ok
23:05:14.0063 4728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:14.0063 4728 kbdclass - ok
23:05:14.0073 4728 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:14.0073 4728 kbdhid - ok
23:05:14.0083 4728 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
23:05:14.0093 4728 KSecDD - ok
23:05:14.0093 4728 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
23:05:14.0103 4728 KSecPkg - ok
23:05:14.0103 4728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:05:14.0103 4728 ksthunk - ok
23:05:14.0133 4728 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:05:14.0133 4728 LHidFilt - ok
23:05:14.0133 4728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:05:14.0143 4728 lltdio - ok
23:05:14.0153 4728 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:05:14.0153 4728 LMouFilt - ok
23:05:14.0163 4728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:05:14.0163 4728 LSI_FC - ok
23:05:14.0173 4728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:05:14.0173 4728 LSI_SAS - ok
23:05:14.0183 4728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:05:14.0183 4728 LSI_SAS2 - ok
23:05:14.0203 4728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:05:14.0203 4728 LSI_SCSI - ok
23:05:14.0213 4728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:05:14.0213 4728 luafv - ok
23:05:14.0223 4728 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:05:14.0223 4728 MBAMProtector - ok
23:05:14.0233 4728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:05:14.0233 4728 megasas - ok
23:05:14.0243 4728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:05:14.0253 4728 MegaSR - ok
23:05:14.0263 4728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:05:14.0263 4728 Modem - ok
23:05:14.0273 4728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:05:14.0273 4728 monitor - ok
23:05:14.0283 4728 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys
23:05:14.0283 4728 MotioninJoyXFilter - ok
23:05:14.0293 4728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:05:14.0293 4728 mouclass - ok
23:05:14.0303 4728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:05:14.0303 4728 mouhid - ok
23:05:14.0313 4728 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:05:14.0313 4728 mountmgr - ok
23:05:14.0323 4728 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:05:14.0333 4728 mpio - ok
23:05:14.0343 4728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:05:14.0343 4728 mpsdrv - ok
23:05:14.0353 4728 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:05:14.0353 4728 MRxDAV - ok
23:05:14.0363 4728 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:05:14.0363 4728 mrxsmb - ok
23:05:14.0383 4728 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:05:14.0383 4728 mrxsmb10 - ok
23:05:14.0393 4728 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:05:14.0393 4728 mrxsmb20 - ok
23:05:14.0403 4728 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:05:14.0403 4728 msahci - ok
23:05:14.0413 4728 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:05:14.0413 4728 msdsm - ok
23:05:14.0433 4728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:05:14.0433 4728 Msfs - ok
23:05:14.0433 4728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:05:14.0433 4728 mshidkmdf - ok
23:05:14.0453 4728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:05:14.0453 4728 msisadrv - ok
23:05:14.0463 4728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:05:14.0463 4728 MSKSSRV - ok
23:05:14.0473 4728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:05:14.0473 4728 MSPCLOCK - ok
23:05:14.0483 4728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:05:14.0483 4728 MSPQM - ok
23:05:14.0493 4728 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:05:14.0503 4728 MsRPC - ok
23:05:14.0513 4728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:05:14.0513 4728 mssmbios - ok
23:05:14.0523 4728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:05:14.0523 4728 MSTEE - ok
23:05:14.0533 4728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:05:14.0533 4728 MTConfig - ok
23:05:14.0543 4728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:05:14.0543 4728 Mup - ok
23:05:14.0563 4728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:05:14.0563 4728 NativeWifiP - ok
23:05:14.0583 4728 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:05:14.0583 4728 NDIS - ok
23:05:14.0593 4728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:05:14.0593 4728 NdisCap - ok
23:05:14.0603 4728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:05:14.0603 4728 NdisTapi - ok
23:05:14.0613 4728 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:05:14.0613 4728 Ndisuio - ok
23:05:14.0623 4728 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:05:14.0623 4728 NdisWan - ok
23:05:14.0643 4728 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:05:14.0643 4728 NDProxy - ok
23:05:14.0653 4728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:05:14.0653 4728 NetBIOS - ok
23:05:14.0663 4728 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:05:14.0663 4728 NetBT - ok
23:05:14.0693 4728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:05:14.0693 4728 nfrd960 - ok
23:05:14.0703 4728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:05:14.0703 4728 Npfs - ok
23:05:14.0713 4728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:05:14.0713 4728 nsiproxy - ok
23:05:14.0743 4728 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
23:05:14.0753 4728 Ntfs - ok
23:05:14.0763 4728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:05:14.0763 4728 Null - ok
23:05:14.0773 4728 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
23:05:14.0773 4728 NVHDA - ok
23:05:14.0943 4728 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:05:15.0003 4728 nvlddmkm - ok
23:05:15.0023 4728 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
23:05:15.0023 4728 nvraid - ok
23:05:15.0033 4728 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
23:05:15.0033 4728 nvstor - ok
23:05:15.0043 4728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:05:15.0053 4728 nv_agp - ok
23:05:15.0063 4728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:05:15.0063 4728 ohci1394 - ok
23:05:15.0083 4728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:05:15.0083 4728 Parport - ok
23:05:15.0093 4728 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:05:15.0093 4728 partmgr - ok
23:05:15.0113 4728 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:05:15.0113 4728 pci - ok
23:05:15.0113 4728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:05:15.0123 4728 pciide - ok
23:05:15.0133 4728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:05:15.0133 4728 pcmcia - ok
23:05:15.0143 4728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:05:15.0143 4728 pcw - ok
23:05:15.0163 4728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:05:15.0163 4728 PEAUTH - ok
23:05:15.0203 4728 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:05:15.0203 4728 PptpMiniport - ok
23:05:15.0213 4728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:05:15.0223 4728 Processor - ok
23:05:15.0233 4728 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:05:15.0233 4728 Psched - ok
23:05:15.0243 4728 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:05:15.0243 4728 PxHlpa64 - ok
23:05:15.0273 4728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:05:15.0283 4728 ql2300 - ok
23:05:15.0293 4728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:05:15.0293 4728 ql40xx - ok
23:05:15.0303 4728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:05:15.0303 4728 QWAVEdrv - ok
23:05:15.0313 4728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:05:15.0313 4728 RasAcd - ok
23:05:15.0323 4728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:05:15.0323 4728 RasAgileVpn - ok
23:05:15.0343 4728 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:05:15.0343 4728 Rasl2tp - ok
23:05:15.0353 4728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:05:15.0353 4728 RasPppoe - ok
23:05:15.0363 4728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:05:15.0363 4728 RasSstp - ok
23:05:15.0373 4728 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:05:15.0383 4728 rdbss - ok
23:05:15.0393 4728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:05:15.0393 4728 rdpbus - ok
23:05:15.0403 4728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:05:15.0403 4728 RDPCDD - ok
23:05:15.0413 4728 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
23:05:15.0413 4728 RDPDR - ok
23:05:15.0433 4728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:05:15.0433 4728 RDPENCDD - ok
23:05:15.0443 4728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:05:15.0443 4728 RDPREFMP - ok
23:05:15.0453 4728 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
23:05:15.0453 4728 RDPWD - ok
23:05:15.0463 4728 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:05:15.0473 4728 rdyboost - ok
23:05:15.0483 4728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:15.0483 4728 rspndr - ok
23:05:15.0493 4728 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
23:05:15.0493 4728 RTCore64 - ok
23:05:15.0503 4728 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:05:15.0503 4728 RTL8167 - ok
23:05:15.0523 4728 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
23:05:15.0523 4728 RtNdPt60 - ok
23:05:15.0533 4728 RTTEAMPT (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
23:05:15.0533 4728 RTTEAMPT - ok
23:05:15.0533 4728 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
23:05:15.0543 4728 RTVLANPT - ok
23:05:15.0553 4728 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
23:05:15.0553 4728 s3cap - ok
23:05:15.0563 4728 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:05:15.0563 4728 sbp2port - ok
23:05:15.0573 4728 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:05:15.0573 4728 scfilter - ok
23:05:15.0593 4728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:05:15.0593 4728 secdrv - ok
23:05:15.0603 4728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:05:15.0603 4728 Serenum - ok
23:05:15.0613 4728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:05:15.0613 4728 Serial - ok
23:05:15.0633 4728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:05:15.0633 4728 sermouse - ok
23:05:15.0643 4728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:05:15.0643 4728 sffdisk - ok
23:05:15.0653 4728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:05:15.0653 4728 sffp_mmc - ok
23:05:15.0663 4728 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:05:15.0663 4728 sffp_sd - ok
23:05:15.0673 4728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:05:15.0673 4728 sfloppy - ok
23:05:15.0693 4728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:05:15.0693 4728 SiSRaid2 - ok
23:05:15.0703 4728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:05:15.0703 4728 SiSRaid4 - ok
23:05:15.0713 4728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:05:15.0713 4728 Smb - ok
23:05:15.0723 4728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:05:15.0723 4728 spldr - ok
23:05:15.0733 4728 sptd - ok
23:05:15.0753 4728 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
23:05:15.0763 4728 srv - ok
23:05:15.0773 4728 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
23:05:15.0773 4728 srv2 - ok
23:05:15.0783 4728 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
23:05:15.0783 4728 srvnet - ok
23:05:15.0803 4728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:05:15.0803 4728 stexstor - ok
23:05:15.0813 4728 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
23:05:15.0813 4728 storflt - ok
23:05:15.0823 4728 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
23:05:15.0823 4728 storvsc - ok
23:05:15.0833 4728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:05:15.0833 4728 swenum - ok
23:05:15.0873 4728 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
23:05:15.0883 4728 Tcpip - ok
23:05:15.0903 4728 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:15.0913 4728 TCPIP6 - ok
23:05:15.0933 4728 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:05:15.0933 4728 tcpipreg - ok
23:05:15.0943 4728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:05:15.0943 4728 TDPIPE - ok
23:05:15.0953 4728 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:05:15.0953 4728 TDTCP - ok
23:05:15.0963 4728 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:05:15.0963 4728 tdx - ok
23:05:15.0973 4728 TEAM (3183388da27655085960a22b4b29caa9) C:\Windows\system32\DRIVERS\RtTeam60.sys
23:05:15.0973 4728 TEAM - ok
23:05:15.0983 4728 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:05:15.0983 4728 TermDD - ok
23:05:16.0013 4728 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:16.0013 4728 tssecsrv - ok
23:05:16.0023 4728 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:05:16.0023 4728 tunnel - ok
23:05:16.0033 4728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:05:16.0033 4728 uagp35 - ok
23:05:16.0043 4728 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:05:16.0053 4728 udfs - ok
23:05:16.0063 4728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:05:16.0063 4728 uliagpkx - ok
23:05:16.0073 4728 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:05:16.0073 4728 umbus - ok
23:05:16.0083 4728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:05:16.0083 4728 UmPass - ok
23:05:16.0103 4728 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:05:16.0103 4728 USBAAPL64 - ok
23:05:16.0113 4728 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:16.0113 4728 usbccgp - ok
23:05:16.0123 4728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:05:16.0123 4728 usbcir - ok
23:05:16.0133 4728 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
23:05:16.0133 4728 usbehci - ok
23:05:16.0143 4728 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
23:05:16.0153 4728 usbhub - ok
23:05:16.0163 4728 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
23:05:16.0163 4728 usbohci - ok
23:05:16.0173 4728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:05:16.0173 4728 usbprint - ok
23:05:16.0183 4728 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:05:16.0183 4728 usbscan - ok
23:05:16.0193 4728 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:16.0193 4728 USBSTOR - ok
23:05:16.0203 4728 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
23:05:16.0203 4728 usbuhci - ok
23:05:16.0213 4728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:05:16.0223 4728 vdrvroot - ok
23:05:16.0233 4728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:16.0233 4728 vga - ok
23:05:16.0243 4728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:05:16.0243 4728 VgaSave - ok
23:05:16.0253 4728 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:05:16.0253 4728 vhdmp - ok
23:05:16.0273 4728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:05:16.0273 4728 viaide - ok
23:05:16.0283 4728 VLAN (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
23:05:16.0283 4728 VLAN - ok
23:05:16.0293 4728 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
23:05:16.0293 4728 vmbus - ok
23:05:16.0303 4728 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
23:05:16.0303 4728 VMBusHID - ok
23:05:16.0313 4728 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:05:16.0313 4728 volmgr - ok
23:05:16.0323 4728 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:05:16.0333 4728 volmgrx - ok
23:05:16.0343 4728 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:05:16.0353 4728 volsnap - ok
23:05:16.0363 4728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:05:16.0363 4728 vsmraid - ok
23:05:16.0373 4728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:05:16.0373 4728 vwifibus - ok
23:05:16.0383 4728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:05:16.0393 4728 WacomPen - ok
23:05:16.0403 4728 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:16.0403 4728 WANARP - ok
23:05:16.0403 4728 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:05:16.0403 4728 Wanarpv6 - ok
23:05:16.0413 4728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:05:16.0423 4728 Wd - ok
23:05:16.0443 4728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:05:16.0443 4728 Wdf01000 - ok
23:05:16.0463 4728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:05:16.0463 4728 WfpLwf - ok
23:05:16.0473 4728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:05:16.0473 4728 WIMMount - ok
23:05:16.0503 4728 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:05:16.0503 4728 WinUsb - ok
23:05:16.0513 4728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:16.0513 4728 WmiAcpi - ok
23:05:16.0533 4728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:05:16.0533 4728 ws2ifsl - ok
23:05:16.0553 4728 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:05:16.0553 4728 WudfPf - ok
23:05:16.0563 4728 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:16.0563 4728 WUDFRd - ok
23:05:16.0583 4728 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
23:05:16.0593 4728 xnacc - ok
23:05:16.0603 4728 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
23:05:16.0603 4728 xusb21 - ok
23:05:16.0613 4728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:05:16.0613 4728 \Device\Harddisk0\DR0 - ok
23:05:16.0633 4728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:05:16.0633 4728 \Device\Harddisk1\DR1 - ok
23:05:16.0643 4728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
23:05:16.0643 4728 \Device\Harddisk2\DR2 - ok
23:05:16.0653 4728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
23:05:16.0653 4728 \Device\Harddisk3\DR3 - ok
23:05:16.0673 4728 MBR (0x1B8) (d399d3958760ac3533a02a12228b6532) \Device\Harddisk4\DR4
23:05:30.0823 4728 \Device\Harddisk4\DR4 - ok
23:05:30.0833 4728 Boot (0x1200) (5a8ab746fcded38a52218e90082645b7) \Device\Harddisk0\DR0\Partition0
23:05:30.0833 4728 \Device\Harddisk0\DR0\Partition0 - ok
23:05:30.0833 4728 Boot (0x1200) (1005c1620396eca32f4c2089d72d4877) \Device\Harddisk3\DR3\Partition0
23:05:30.0833 4728 \Device\Harddisk3\DR3\Partition0 - ok
23:05:30.0833 4728 ============================================================
23:05:30.0833 4728 Scan finished
23:05:30.0833 4728 ============================================================
23:05:30.0843 3460 Detected object count: 0
23:05:30.0843 3460 Actual detected object count: 0
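
The driver inventory above ends in "Detected object count: 0", but a reader still has to eyeball several hundred "name (md5) path" lines by hand. The Python below is an added triage helper for a TDSSKiller-style log; it is not part of the thread and not Kaspersky's tool. The sample lines are constructed from the format of the log above (a handful of its entries, not the whole report), and the four checks (a verdict line with no hash recorded, a driver image loaded from outside %SystemRoot%, identical MBR hashes across disks, several service names backed by one file) are this editor's own heuristics, not findings the thread makes.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the TDSSKiller log above (a few of its
# lines, not the whole report). Note "sptd - ok" has no hashed line before it.
SAMPLE_LOG = r"""
23:05:15.0483 4728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:05:15.0483 4728 rspndr - ok
23:05:15.0493 4728 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
23:05:15.0493 4728 RTCore64 - ok
23:05:15.0733 4728 sptd - ok
23:05:15.0873 4728 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
23:05:15.0883 4728 Tcpip - ok
23:05:15.0903 4728 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
23:05:15.0913 4728 TCPIP6 - ok
23:05:16.0613 4728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:05:16.0613 4728 \Device\Harddisk0\DR0 - ok
23:05:16.0633 4728 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:05:16.0633 4728 \Device\Harddisk1\DR1 - ok
23:05:16.0653 4728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
23:05:16.0653 4728 \Device\Harddisk3\DR3 - ok
23:05:30.0843 3460 Detected object count: 0
"""

TS = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# "<ts> <pid> <name> (<md5>) <path>"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
# "<ts> <pid> MBR (0x1B8) (<md5>) \Device\HarddiskN\DRN"  (also "Boot (0x1200) ...")
SECTOR_RE = re.compile(TS + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                       r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\\Device\\\S+)\s*$")
# "<ts> <pid> <name-or-device> - <verdict>"
VERDICT_RE = re.compile(TS + r"(?P<name>\S+)\s+-\s+(?P<verdict>\S+)\s*$")


def parse_log(text):
    """Split a log into hashed drivers, hashed boot sectors and verdict lines."""
    drivers, sectors, verdicts = {}, {}, {}
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            sectors[m["dev"]] = {"kind": m["kind"], "md5": m["md5"]}
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return drivers, sectors, verdicts


def triage(text, system_root="C:\\Windows\\"):
    """Return the short list a human should look at; every flag is a pointer, not a verdict."""
    drivers, sectors, verdicts = parse_log(text)
    findings = {}
    # 1. Verdict with no hashed line: the scanner could not open the image. Benign for
    #    DAEMON Tools' SPTD layer, but also what a driver hiding its file looks like.
    findings["unhashed"] = sorted(n for n in verdicts if n not in drivers and n not in sectors)
    # 2. Kernel drivers loaded from outside %SystemRoot% (vendor tools live here too).
    findings["outside_windows"] = sorted(
        (n, d["path"]) for n, d in drivers.items()
        if not d["path"].lower().startswith(system_root.lower()))
    # 3. Anything the scanner did not mark "ok".
    findings["not_ok"] = sorted((n, v) for n, v in verdicts.items() if v != "ok")
    # 4. Group disks by boot-sector hash: stock Windows MBR code repeats across disks;
    #    a hash unique to the boot disk is the one worth dumping and comparing.
    by_hash = defaultdict(list)
    for dev, s in sectors.items():
        by_hash[(s["kind"], s["md5"])].append(dev)
    findings["sector_groups"] = {k: sorted(v) for k, v in by_hash.items()}
    # 5. Several service names on one file (Tcpip/TCPIP6) is normal; list them so the
    #    same image is not chased twice.
    by_file = defaultdict(list)
    for n, d in drivers.items():
        by_file[d["md5"]].append(n)
    findings["aliases"] = {h: sorted(ns) for h, ns in by_file.items() if len(ns) > 1}
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Replace SAMPLE_LOG with the contents of a saved TDSSKiller report to run it on a real scan. On the constructed sample it flags sptd as unhashed (in this thread that matches the R4 sptd and DAEMON Tools entries in the ComboFix report further down) and RTCore64.sys as the one driver loaded from Program Files, which its path already attributes to MSI Afterburner; the value is in getting a five-line list to check by hand instead of three hundred.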

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 12 January 2012 - 02:18 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 McSpermie

  • Topic Starter
  • Members
  • 11 posts

Posted 12 January 2012 - 02:28 AM

aswMBR version 0.9.9.1297 Copyright (c) 2011 AVAST Software
Run date: 2012-01-11 23:26:12
-----------------------------
23:26:12.041 OS Version: Windows x64 6.1.7600
23:26:12.041 Number of processors: 4 586 0x402
23:26:12.041 ComputerName: POWERTOWER UserName: Persona
23:26:12.211 Initialize success
23:26:53.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:26:53.312 Disk 0 Vendor: Corsair_CSSD-V32GB2 2.2 Size: 30533MB BusType: 3
23:26:53.322 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
23:26:53.322 Disk 1 Vendor: WDC_WD1001FALS-40U9B0 20.04F20 Size: 953868MB BusType: 3
23:26:53.332 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
23:26:53.332 Disk 2 Vendor: WDC_WD1001FALS-00U9B0 05.00K05 Size: 953869MB BusType: 3
23:26:53.342 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T1L0-3
23:26:53.342 Disk 3 Vendor: WDC_WD7501AALS-00E3A0 05.01D05 Size: 715404MB BusType: 3
23:26:53.432 Disk 0 MBR read successfully
23:26:53.442 Disk 0 MBR scan
23:26:53.442 Disk 0 Windows 7 default MBR code
23:26:53.452 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30531 MB offset 2048
23:26:53.462 Service scanning
23:26:55.002 Modules scanning
23:26:55.342 Disk 0 trace - called modules:
23:26:55.432 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:26:55.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004365060]
23:26:55.452 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> [0xfffffa8004156580]
23:26:55.462 5 ACPI.sys[fffff88000ecc781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004155060]
23:26:55.472 Scan finished successfully
23:27:11.642 Disk 0 MBR has been saved successfully to "C:\Users\Persona\Desktop\MBR.dat"
23:27:11.642 The log file has been saved successfully to "C:\Users\Persona\Desktop\aswMBR.txt"

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 12 January 2012 - 02:30 AM

Greetings

All those reports look good


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 McSpermie

  • Topic Starter
  • Members
  • 11 posts

Posted 12 January 2012 - 02:43 AM

ComboFix 12-01-12.02 - Persona 01/11/2012 23:35:31.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2761 [GMT -8:00]
Running from: c:\users\Persona\Desktop\ComboFix.exe
Command switches used :: c:\users\Persona\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 07:38 . 2012-01-12 07:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-12 07:38 . 2012-01-12 07:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 23:13 . 2012-01-10 23:13 -------- d-----w- c:\users\Persona\AppData\Local\Woutre
2012-01-05 05:40 . 2012-01-05 05:40 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-05 05:40 . 2012-01-05 05:40 -------- d-----w- c:\program files\Java
2012-01-05 05:40 . 2012-01-05 05:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-02 01:11 . 2012-01-02 01:11 -------- d-----w- c:\program files (x86)\Realtek
2012-01-02 01:11 . 2009-12-21 15:39 51712 ----a-w- c:\windows\system32\drivers\RtTeam60.sys
2012-01-02 01:11 . 2009-07-20 02:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2012-01-02 01:11 . 2007-12-03 02:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys
2012-01-02 01:06 . 2012-01-02 01:10 -------- d-----w- c:\users\Persona\AppData\Local\eSupport.com
2012-01-02 01:06 . 2012-01-02 01:06 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-12-28 10:01 . 2011-12-28 10:01 -------- d-----w- c:\users\Persona\AppData\Local\FNV_Save_Manager
2011-12-28 10:01 . 2011-12-28 10:01 -------- d-----w- c:\users\Persona\AppData\Roaming\New Vegas Save Manager
2011-12-27 08:33 . 2011-12-27 21:45 -------- d-----w- c:\programdata\MediaMonkey
2011-12-27 08:32 . 2012-01-06 04:02 -------- d-----w- c:\users\Persona\AppData\Roaming\MediaMonkey
2011-12-26 05:39 . 2011-12-26 05:39 -------- d-----w- c:\users\Persona\AppData\Roaming\Ubisoft
2011-12-25 00:19 . 2011-12-25 00:29 -------- d-----w- c:\users\Persona\AppData\Local\Ubisoft Game Launcher
2011-12-25 00:18 . 2011-12-25 00:18 -------- d-----w- c:\program files (x86)\Ubisoft
2011-12-25 00:18 . 2011-12-24 11:07 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-12-22 03:27 . 2011-12-22 03:27 -------- d-----w- c:\program files (x86)\AMD
2011-12-22 03:27 . 2010-06-02 12:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-22 03:27 . 2010-06-02 12:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-12-22 03:27 . 2010-06-02 12:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-12-22 03:27 . 2010-05-26 19:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-12-22 03:27 . 2010-05-26 19:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-21 05:15 . 2011-12-21 05:15 -------- d-----w- c:\users\Persona\AppData\Roaming\Stellarium
2011-12-21 00:01 . 2011-12-21 00:01 -------- d-----w- c:\users\Persona\AppData\Roaming\Doublefine
2011-12-21 00:00 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2011-12-21 00:00 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2011-12-21 00:00 . 2010-06-02 12:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2011-12-21 00:00 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2011-12-21 00:00 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2011-12-19 20:17 . 2011-12-23 04:06 -------- d-----w- c:\users\Persona\AppData\Local\Fallout3
2011-12-17 11:59 . 2012-01-05 08:47 -------- d-----w- c:\users\Persona\AppData\Local\Black_Tree_Gaming
2011-12-17 05:55 . 1997-07-20 00:55 1347344 ----a-w- c:\windows\system\Msvbvm50.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-05 05:39 . 2011-04-01 02:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-04 20:55 . 2011-04-22 02:25 151552 ----a-w- c:\windows\KMSEmulator.exe_1325709414.arl
2011-12-26 07:46 . 2011-03-30 00:41 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-12-26 07:46 . 2011-03-29 21:08 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-12-26 06:54 . 2011-03-29 21:08 280976 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-12-25 00:18 . 2011-03-29 21:08 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-10 23:24 . 2011-03-20 02:06 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 19:56 . 2011-12-09 19:56 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-09 19:54 . 2011-03-20 03:52 530488 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-11-18 18:18 . 2011-07-02 09:59 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-11-10 20:01 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-10 20:01 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-10 20:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-10 20:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-10 20:01 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-10 20:01 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-10 20:01 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-10 20:01 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-10 20:01 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-10 20:01 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-10 20:01 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-10 20:01 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-10 20:01 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-10 20:01 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-10 20:01 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-08-10 01:45 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-08-10 01:45 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-08-10 01:45 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-04-08 06:19 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-08 06:19 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-10-15 08:53 . 2011-04-08 06:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-08 06:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-08 06:19 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 08:53 . 2011-03-19 22:45 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-03-19 22:45 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-03-19 22:45 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-01-08 03:48 137536 ----a-w- c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-12_06.44.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-19 22:49 . 2012-01-12 06:46 47538 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-01-12 06:41 32108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-12 06:46 32108 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-19 22:40 . 2012-01-12 06:41 15756 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723812288-2571569341-1765413396-1001_UserData.bin
+ 2011-03-19 22:40 . 2012-01-12 06:46 15756 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723812288-2571569341-1765413396-1001_UserData.bin
+ 2011-03-19 22:40 . 2012-01-12 07:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-19 22:40 . 2012-01-12 06:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-19 22:40 . 2012-01-12 07:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-19 22:40 . 2012-01-12 06:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-12 06:44 . 2012-01-12 06:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-12 07:39 . 2012-01-12 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 06:44 . 2012-01-12 06:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-12 07:39 . 2012-01-12 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-01-11 21:40 662632 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-12 06:48 662632 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-12 06:48 121500 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-11 21:40 121500 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-12 06:43 407096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-12 07:38 407096 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-25 3077528]
"Steam"="i:\games\Steam\steam.exe" [2011-09-23 1242448]
"Akamai NetSession Interface"="c:\users\Persona\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="i:\programs\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="i:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 MBAMService;MBAMService;i:\programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [x]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723812288-2571569341-1765413396-1001Core.job
- c:\users\Persona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 23:52]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1723812288-2571569341-1765413396-1001UA.job
- c:\users\Persona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-19 23:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"EvtMgr6"="i:\programs\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - p:\window~1\Programs\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Persona\AppData\Roaming\Mozilla\Firefox\Profiles\ypylqcfv.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1723812288-2571569341-1765413396-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ff,94,7e,33,a4,3b,2b,21,a5,80,83,61,05,24,0f,cb,8c,dc,2b,51,e8,38,fd,
11,66,0e,ff,c9,26,e2,ed,96,1c,9e,38,ce,98,ba,4d,00,a5,18,cb,8a,a7,42,25,39,\
"??"=hex:47,98,4b,31,af,12,06,c3,ea,cc,d5,9c,d0,0e,72,dc
.
[HKEY_USERS\S-1-5-21-1723812288-2571569341-1765413396-1001\Software\SecuROM\License information*]
"datasecu"=hex:e6,77,ec,fe,b1,33,9a,74,8b,9d,ad,af,c9,02,f8,bd,3b,c4,06,dc,ac,
03,06,a5,05,c4,a4,fa,39,2d,a0,d9,0e,fd,f8,bb,1b,d6,05,85,6b,35,84,fb,ef,0b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-01-11 23:40:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 07:40
ComboFix2.txt 2012-01-12 06:45
ComboFix3.txt 2012-01-05 07:18
.
Pre-Run: 7,145,570,304 bytes free
Post-Run: 7,098,843,136 bytes free
.
- - End Of File - - 0092006565ECAA4C396CD06D3B08F192


There were no issues, though I had to update ComboFix. So far I am not experiencing any issues, really awesome. How does the log look? Is it clean?

Edit: My internet stopped for about 15 seconds, could it be from settings I have on Chrome?

Edited by McSpermie, 12 January 2012 - 02:46 AM.


#12 gringo_pr (Malware Response Team)

Posted 12 January 2012 - 03:16 AM

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 McSpermie (Topic Starter)

Posted 12 January 2012 - 03:29 AM

Malwarebytes Log:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Persona :: POWERTOWER [administrator]

Protection: Disabled

1/12/2012 12:20:57 AM
mbam-log-2012-01-12 (00-20-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194536
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HiJack This Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:52 AM, on 1/12/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Persona\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - I:\Programs\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - I:\Programs\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "I:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "I:\Games\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-1723812288-2571569341-1765413396-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1723812288-2571569341-1765413396-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\WINDOW~1\Programs\MICROS~1\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - I:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8932 bytes


I had no issues with any of those programs, and I have not had any hangs like I did earlier. Could have it been a fluke?

#14 gringo_pr (Malware Response Team)

Posted 12 January 2012 - 03:32 AM

Greetings

I have not seen anything of concern in any of the reports


:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start each program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [BCSSync] "I:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [Steam] "I:\Games\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Persona\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKUS\S-1-5-21-1723812288-2571569341-1765413396-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1723812288-2571569341-1765413396-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard and paste the results here in this topic.
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo

#15 McSpermie (Topic Starter)

Posted 12 January 2012 - 04:34 AM

I ran the program and it did pick something up in the C drive and was scanning my installation hard drive when I got a blue screen. No idea why. I am running the program again, and might stop it after it is done scanning my Windows hard drive.

Edit: I changed the parameters to not scan my installation hard drive to get a quicker result for that infection it found.

Edited by McSpermie, 12 January 2012 - 04:37 AM.




