Possible Malware - requested to post in here


This topic is locked
24 replies to this topic

#1 greenslam

Posted 28 February 2012 - 09:39 AM

Hi all, I attempted to run the DDS download but no file would download for me. Is there an alternate site/link to download from? I was signed into BC at the time.

I was instructed to post as per instructions here by AustrAlien. He was helping with BSODs.

I have MBAM (updated last on 2/27) and MSE (updating daily) running on my system. MSE scans daily. Edit: I should add that I don't really have any signs of infection. I run MBAM roughly once a week as a backup.

System info Speccy

if more info needed, here is my jcgriff tool most recent update.

Please let me know how to proceed.

MBAM Log (I don't know how to find MSE logs. I couldn't find an option for enabling logging)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: LIVINGROOM [administrator]

2/27/2012 1:31:59 PM
mbam-log-2012-02-27 (13-31-59).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442234
Time elapsed: 54 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by greenslam, 28 February 2012 - 10:04 AM.



#2 greenslam (Topic Starter)

Posted 28 February 2012 - 10:14 AM

DDS download worked in IE but not Chrome. Odd.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by owner at 9:07:39 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1870 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\TwonkyMedia\TwonkyMediaServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\NVIDIA Corporation\Display\NvTray.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TWONKY~1.LNK - C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 192.168.100.254
TCP: Interfaces\{745D4148-0499-4FD8-AC4C-98FD61D1D669} : DhcpNameServer = 192.168.100.254
TCP: Interfaces\{C999E0B2-05E5-4CE2-878E-B755B1E98ED7} : DhcpNameServer = 192.168.100.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
BHO-X64: Softonic-Eng7 - No File
BHO-X64: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
BHO-X64: TVersitybar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
BHO-X64: Zynga - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyn0.dll
TB-X64: vShare Toolbar: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
TB-X64: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVer.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko10.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}\components\RadioWMPCoreGecko9.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys --> C:\Windows\system32\DRIVERS\dsfksvcs.sys [?]
R0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys --> C:\Windows\system32\DRIVERS\dsfroot.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-25 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 TwonkyMedia;TwonkyMedia;C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -serviceversion 0 --> C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 TwonkyWebDav;TwonkyWebDav;C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe -start --> C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe -start [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-30 136176]
S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS --> C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [?]
S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS --> C:\Windows\system32\DRIVERS\HRMINTS.SYS [?]
S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS --> C:\Windows\system32\DRIVERS\HRMPORTS.SYS [?]
S3 MSSQL$MYMOVIES;SQL Server (MYMOVIES);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;C:\Windows\system32\DRIVERS\netr7064.sys --> C:\Windows\system32\DRIVERS\netr7064.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-28 07:35:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6241241-91FE-423F-AB63-546FE7174F12}\offreg.dll
2012-02-28 07:34:20 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6241241-91FE-423F-AB63-546FE7174F12}\mpengine.dll
2012-02-28 05:12:49 -------- d-----w- C:\Users\owner\AppData\Local\{439470F3-98A2-48FA-97D8-870FB9D89043}
2012-02-27 17:12:21 -------- d-----w- C:\Users\owner\AppData\Local\{99928C7C-68D8-4A57-A01D-664C85B25ADE}
2012-02-27 05:11:53 -------- d-----w- C:\Users\owner\AppData\Local\{DBB98729-0E71-4FBC-B9FF-F516CB26F87A}
2012-02-27 05:11:35 -------- d-----w- C:\Users\owner\AppData\Local\{28EAB95B-255C-454C-AC95-4577A4C726D7}
2012-02-26 23:42:51 -------- d-----w- C:\ProgramData\WinZipEC
2012-02-26 23:42:49 -------- d-----w- C:\Program Files (x86)\WinZip Courier
2012-02-26 23:42:45 -------- d-----w- C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
2012-02-26 23:42:16 -------- d-----w- C:\Users\owner\AppData\Local\WinZip
2012-02-26 17:11:12 -------- d-----w- C:\Users\owner\AppData\Local\{A4CED943-351E-4FC0-864A-8A6ACBD8070F}
2012-02-26 05:10:44 -------- d-----w- C:\Users\owner\AppData\Local\{962875D7-9125-43E7-B7D6-7AC942BA74E5}
2012-02-26 05:10:25 -------- d-----w- C:\Users\owner\AppData\Local\{1B3299F1-B253-43A1-8AC4-9D7A380C1420}
2012-02-25 17:10:04 -------- d-----w- C:\Users\owner\AppData\Local\{D7B185B0-E64D-46D5-9646-4BA7BD6B61F2}
2012-02-25 05:09:15 -------- d-----w- C:\Users\owner\AppData\Local\{A6623407-9B6F-4744-9651-B10121001B4D}
2012-02-25 05:09:05 -------- d-----w- C:\Users\owner\AppData\Local\{6931EF34-4557-486D-B0DB-9F88517F11D9}
2012-02-25 01:21:41 -------- d-----w- C:\Program Files\Speccy
2012-02-24 17:02:56 -------- d-----w- C:\Users\owner\AppData\Local\{E802C566-F32B-4BD2-8D9B-F9B8A5BDD648}
2012-02-24 17:02:37 -------- d-----w- C:\Users\owner\AppData\Local\{C8F3E750-70ED-4743-AFB0-ACB9747C2158}
2012-02-24 16:02:19 -------- d-----w- C:\symcache
2012-02-24 15:46:39 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft KitSetup
2012-02-24 15:35:28 -------- d-----w- C:\Program Files\dsf
2012-02-24 15:35:12 -------- d-----w- C:\WinDDK
2012-02-24 05:02:14 -------- d-----w- C:\Users\owner\AppData\Local\{B43AD6A9-398B-4A29-BAD2-C746F113519E}
2012-02-23 17:01:46 -------- d-----w- C:\Users\owner\AppData\Local\{793C5A56-E71C-4610-ACBD-B580E97A94EA}
2012-02-22 17:04:19 -------- d-----w- C:\Users\owner\AppData\Local\{9E0F4F9F-BB7A-45AD-9546-43A94C865497}
2012-02-22 05:03:51 -------- d-----w- C:\Users\owner\AppData\Local\{25CA479E-D6B3-44EA-A65A-6C9E6629459B}
2012-02-22 05:03:33 -------- d-----w- C:\Users\owner\AppData\Local\{EE4A4F7A-62FF-40B5-BD95-D9B41F453C28}
2012-02-21 17:03:06 -------- d-----w- C:\Users\owner\AppData\Local\{A24E7A36-8262-4640-9CF8-09CE23A2BFD3}
2012-02-21 17:02:46 -------- d-----w- C:\Users\owner\AppData\Local\{52A9A6FC-83BA-4DB0-940D-F778DA52F514}
2012-02-21 05:02:36 -------- d-----w- C:\Users\owner\AppData\Local\{FD0D21D8-A737-41F7-B29C-58D1C74CD103}
2012-02-21 05:02:17 -------- d-----w- C:\Users\owner\AppData\Local\{2EDABB9F-3E3E-41E0-A1DD-10F97798FD55}
2012-02-20 17:02:08 -------- d-----w- C:\Users\owner\AppData\Local\{A9AB68B3-B5A9-42EE-973C-577BC3AD50D8}
2012-02-20 17:01:49 -------- d-----w- C:\Users\owner\AppData\Local\{FBC72F71-18FD-4703-8DD6-1EDF9AECA5A7}
2012-02-20 05:01:39 -------- d-----w- C:\Users\owner\AppData\Local\{9A4E0291-B05F-42F4-828F-49C127CB29C2}
2012-02-20 05:01:21 -------- d-----w- C:\Users\owner\AppData\Local\{41D881D8-692F-4894-8260-CF92D720963D}
2012-02-19 17:01:11 -------- d-----w- C:\Users\owner\AppData\Local\{F64511BB-CC66-4071-97C8-B9CC81B04567}
2012-02-19 05:00:42 -------- d-----w- C:\Users\owner\AppData\Local\{FC2BE389-AEDE-4517-9D36-BAEC51C160FA}
2012-02-18 17:00:14 -------- d-----w- C:\Users\owner\AppData\Local\{8EBA2037-4236-4DC8-88F1-72A9719D6090}
2012-02-18 04:59:56 -------- d-----w- C:\Users\owner\AppData\Local\{21648168-E0DA-40F6-B327-28AEE6E86976}
2012-02-17 16:59:28 -------- d-----w- C:\Users\owner\AppData\Local\{027B78DA-803F-4C2E-B857-03F47A495F1A}
2012-02-17 16:59:10 -------- d-----w- C:\Users\owner\AppData\Local\{A770507C-9710-45FB-BE15-884874E0F8F9}
2012-02-17 04:58:48 -------- d-----w- C:\Users\owner\AppData\Local\{59E00FD2-3D2A-45BB-BFB7-DC0B27B6F4FF}
2012-02-17 04:58:29 -------- d-----w- C:\Users\owner\AppData\Local\{75E88B66-BBD1-41E6-A650-3FE82D886FD4}
2012-02-16 16:58:19 -------- d-----w- C:\Users\owner\AppData\Local\{CBF84AA5-4AF0-424E-AE9A-7C3041756541}
2012-02-16 04:57:50 -------- d-----w- C:\Users\owner\AppData\Local\{9B99BCFA-3463-4E86-BA07-DDD449E606A2}
2012-02-16 04:57:32 -------- d-----w- C:\Users\owner\AppData\Local\{11D1C5CA-697E-45FF-95AE-604653D688C8}
2012-02-15 16:57:09 -------- d-----w- C:\Users\owner\AppData\Local\{9F4ED1A9-D2F5-4F0A-ADB8-91E1A01A8F6D}
2012-02-15 16:56:50 -------- d-----w- C:\Users\owner\AppData\Local\{B9D092C8-E841-41F3-804E-B63FC950FEAB}
2012-02-15 09:01:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 09:01:02 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-15 09:01:01 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-02-15 09:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-02-15 09:01:00 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-15 09:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-02-15 09:01:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-02-15 04:56:41 -------- d-----w- C:\Users\owner\AppData\Local\{A2C1CC88-1F38-44AC-9744-C9AB3043164E}
2012-02-14 21:32:07 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 21:32:06 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 21:32:02 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 21:32:02 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 21:32:00 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 21:31:58 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 21:31:54 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 21:31:54 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 16:56:13 -------- d-----w- C:\Users\owner\AppData\Local\{365E500B-B227-4E09-B4B9-4F8E55B425E6}
2012-02-14 04:55:45 -------- d-----w- C:\Users\owner\AppData\Local\{0D8410D1-D937-4649-9B95-1D774B7376AD}
2012-02-13 16:55:17 -------- d-----w- C:\Users\owner\AppData\Local\{A81A31CE-B7EE-4D9C-A349-F48AEFED3CEC}
2012-02-13 04:54:48 -------- d-----w- C:\Users\owner\AppData\Local\{6C3BA66C-155E-4DE8-AD5C-A9E5497DC19D}
2012-02-12 16:54:19 -------- d-----w- C:\Users\owner\AppData\Local\{4C73B801-AB30-4841-8F73-44B4D210B6EA}
2012-02-12 04:53:50 -------- d-----w- C:\Users\owner\AppData\Local\{6DE2A98E-AA54-4280-B355-AEDB0E234F6C}
2012-02-12 04:53:42 -------- d-----w- C:\Users\owner\AppData\Local\{9D9CA64F-DF18-4301-AB3C-19A10FBE39BA}
2012-02-11 16:53:12 -------- d-----w- C:\Users\owner\AppData\Local\{CE2EDB64-CC83-4BBA-902D-80EFBB6A74F1}
2012-02-11 16:52:49 -------- d-----w- C:\Users\owner\AppData\Local\{29BDE39D-B8DA-41D8-93E9-581BC9FA8CE3}
2012-02-11 04:52:37 -------- d-----w- C:\Users\owner\AppData\Local\{87E96B92-3767-4F69-A05B-7D57438A4406}
2012-02-11 04:52:18 -------- d-----w- C:\Users\owner\AppData\Local\{B04EEB76-0AE4-4E2D-B3AC-63330B95845C}
2012-02-10 23:41:29 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E6755B17-25C5-4E4B-B889-A7B757F5B802}\gapaengine.dll
2012-02-10 16:51:48 -------- d-----w- C:\Users\owner\AppData\Local\{A21EA341-79ED-4F29-986C-9F08C8E41392}
2012-02-10 04:50:59 -------- d-----w- C:\Users\owner\AppData\Local\{4F79C9D1-0094-4D3D-8870-3EA361B01450}
2012-02-10 02:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-09 16:50:20 -------- d-----w- C:\Users\owner\AppData\Local\{F01CBA00-35CA-44ED-B35F-BE0950AD56FD}
2012-02-09 16:49:59 -------- d-----w- C:\Users\owner\AppData\Local\{2A960EEF-6B61-4D2B-94CD-9AA992C89DD6}
2012-02-09 04:49:31 -------- d-----w- C:\Users\owner\AppData\Local\{C7287D08-06F8-4A4B-AD96-4BF9B520EBD1}
2012-02-09 04:49:12 -------- d-----w- C:\Users\owner\AppData\Local\{99874654-138E-4A6A-AD8D-6416EA388A60}
2012-02-08 16:48:44 -------- d-----w- C:\Users\owner\AppData\Local\{0BFC323C-FE31-4F29-8BD2-783EC2E97438}
2012-02-08 16:48:25 -------- d-----w- C:\Users\owner\AppData\Local\{04734E98-779C-4A25-95B3-9BA90298C38C}
2012-02-08 04:47:53 -------- d-----w- C:\Users\owner\AppData\Local\{4ACF8650-09D1-4692-A609-41ED19CA6530}
2012-02-08 04:47:32 -------- d-----w- C:\Users\owner\AppData\Local\{DA0D1D0A-C1A8-4DDA-84A6-14F6CAB425E1}
2012-02-08 01:57:04 -------- d-----w- C:\Program Files\iPod
2012-02-08 01:56:57 -------- d-----w- C:\Program Files (x86)\iTunes
2012-02-08 01:56:56 -------- d-----w- C:\Program Files\iTunes
2012-02-07 16:47:03 -------- d-----w- C:\Users\owner\AppData\Local\{BFDE0101-A03D-495D-AC52-3C2E0701AA9F}
2012-02-07 16:40:04 -------- d-----w- C:\Program Files (x86)\Binnerup Consult
2012-02-07 16:36:32 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-02-07 16:36:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-02-07 16:30:36 -------- d-----w- C:\ProgramData\My Movies
2012-02-07 14:38:24 -------- d-----w- C:\ProgramData\MediaBrowser
2012-02-07 04:46:32 -------- d-----w- C:\Users\owner\AppData\Local\{9C212E10-F7C6-4C33-80DA-A0388116DEEB}
2012-02-07 04:46:14 -------- d-----w- C:\Users\owner\AppData\Local\{05B10BF2-1DEC-4F0B-8723-7081A38548D4}
2012-02-07 03:17:29 -------- d-----w- C:\Video
2012-02-07 03:15:02 -------- d-----w- C:\Users\owner\.MakeMKV
2012-02-07 03:14:55 -------- d-----w- C:\Program Files (x86)\MakeMKV
2012-02-06 16:45:51 -------- d-----w- C:\Users\owner\AppData\Local\{53F71FC7-8774-4FE7-BCA7-C0B1548EE160}
2012-02-06 04:45:23 -------- d-----w- C:\Users\owner\AppData\Local\{56998FF6-1E3C-4B96-8D68-98C991E421A5}
2012-02-05 16:44:55 -------- d-----w- C:\Users\owner\AppData\Local\{F8433DC4-82FF-4465-8886-62C7F5966F0D}
2012-02-05 04:44:25 -------- d-----w- C:\Users\owner\AppData\Local\{31A82ACF-BF9B-4FCB-8E17-D390DE8AB6EE}
2012-02-05 04:44:17 -------- d-----w- C:\Users\owner\AppData\Local\{9014EF1D-4BAA-4377-AB5B-FD351863BB45}
2012-02-04 16:44:05 -------- d-----w- C:\Users\owner\AppData\Local\{0529D4A1-1634-401D-B008-C436052DA4E5}
2012-02-04 16:43:46 -------- d-----w- C:\Users\owner\AppData\Local\{140EBEE7-14B3-43BB-8260-804E21DF1194}
2012-02-04 04:43:28 -------- d-----w- C:\Users\owner\AppData\Local\{6FA456C5-C6DD-40F8-8D91-92711C9702FD}
2012-02-04 04:43:19 -------- d-----w- C:\Users\owner\AppData\Local\{4A74BAA7-B85C-4D8E-96B8-1482803B6440}
2012-02-04 00:33:11 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2012-02-04 00:33:10 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2012-02-03 04:47:53 -------- d-----w- C:\Users\owner\AppData\Local\{B3F2480D-3706-4DFC-B660-2D1D288A0483}
2012-02-03 04:47:24 -------- d-----w- C:\Users\owner\AppData\Local\{DD8DF901-20DE-4262-8097-F08BC14D8DFA}
2012-02-02 16:46:58 -------- d-----w- C:\Users\owner\AppData\Local\{447684B8-78C5-481C-8851-5A6CA46250FD}
2012-02-02 16:46:21 -------- d-----w- C:\Users\owner\AppData\Local\{D36343E3-59F3-46FA-897C-7AA389D30290}
2012-02-02 04:46:02 -------- d-----w- C:\Users\owner\AppData\Local\{E808AE6F-1B46-4781-885A-55B19B9AD83F}
2012-02-01 18:28:11 -------- d-----w- C:\ProgramData\twonkyserver
2012-02-01 18:27:57 -------- d-----w- C:\ProgramData\TwonkyMedia
2012-02-01 18:27:41 -------- d-----w- C:\Program Files (x86)\TwonkyMedia
2012-02-01 16:45:32 -------- d-----w- C:\Users\owner\AppData\Local\{BB23D32C-CE90-41E7-8887-D5965ECF3F78}
2012-02-01 16:45:14 -------- d-----w- C:\Users\owner\AppData\Local\{BA65050D-0D49-4FB6-A68D-73269B15ABEB}
2012-02-01 15:00:12 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2012-02-01 15:00:08 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack
2012-02-01 14:58:46 -------- d-----w- C:\Program Files (x86)\TVersitybar
2012-02-01 14:58:28 -------- d-----w- C:\ProgramData\TVersity
2012-02-01 04:44:49 -------- d-----w- C:\Users\owner\AppData\Local\{361E2CA3-36ED-4630-A7EB-6210A292A8F9}
2012-02-01 04:44:29 -------- d-----w- C:\Users\owner\AppData\Local\{3D6F390D-4677-413F-933E-FFEF295E61AF}
2012-01-31 16:44:05 -------- d-----w- C:\Users\owner\AppData\Local\{5AA22064-6F06-4F32-B38F-12A81BB12AF9}
2012-01-31 04:43:36 -------- d-----w- C:\Users\owner\AppData\Local\{C6D17E43-FEE9-4817-A9DA-A391C0679FB1}
2012-01-30 16:43:07 -------- d-----w- C:\Users\owner\AppData\Local\{2E99FC19-C73D-4152-B155-E304206E4747}
2012-01-30 16:43:00 -------- d-----w- C:\Users\owner\AppData\Local\{E6BD74C6-AEBD-4BDB-B29D-6F37FB4490C0}
2012-01-30 14:44:05 -------- d-----w- C:\Program Files (x86)\Convert DVD to AVI
2012-01-30 04:23:33 -------- d-----w- C:\Users\owner\AppData\Local\{07D2CB4E-67C4-4049-8D9A-141F31170F1A}
2012-01-30 04:23:14 -------- d-----w- C:\Users\owner\AppData\Local\{4070E5AD-5A36-433E-8B34-456B0585D974}
2012-01-30 00:06:22 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
2012-01-30 00:06:18 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-01-30 00:06:16 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-01-29 22:26:39 -------- d-----w- C:\Users\owner\AppData\Roaming\NVIDIA
2012-01-29 21:23:01 -------- d-----w- C:\Program Files (x86)\bitRipper
2012-01-29 21:12:09 -------- d-----w- C:\Program Files (x86)\XviD
2012-01-29 21:11:56 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-01-29 21:11:27 -------- d-----w- C:\Program Files (x86)\AutoGK
2012-01-29 20:44:00 9717568 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-01-29 20:44:00 7713088 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-01-29 20:44:00 1737536 ----a-w- C:\Windows\System32\nvdispco64.dll
2012-01-29 20:44:00 1466176 ----a-w- C:\Windows\System32\nvgenco64.dll
2012-01-29 20:43:59 2660160 ----a-w- C:\Windows\System32\nvapi64.dll
2012-01-29 20:43:22 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-01-29 20:43:16 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-01-29 20:43:16 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-01-29 20:43:16 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-01-29 20:43:16 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-01-29 20:43:16 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-01-29 20:43:16 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-01-29 20:42:25 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-01-29 20:26:17 -------- d-----w- C:\NVIDIA
2012-01-29 16:22:50 -------- d-----w- C:\Users\owner\AppData\Local\{0B84674E-62E2-4A83-A9C8-D399E3A38AC3}
2012-01-29 16:22:32 -------- d-----w- C:\Users\owner\AppData\Local\{D321881F-DAFC-4327-93EA-273331A6926D}
.
==================== Find3M ====================
.
2012-02-04 00:36:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-29 18:00:00 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 9:08:19.58 ===============

Attached Files

  • Attached File  DDS.txt   38.34KB

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 28 February 2012 - 01:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 greenslam

  • Topic Starter
  • Members
  • 41 posts
  • Local time:06:55 AM

Posted 28 February 2012 - 02:10 PM

Here is the combo log.

I had two issues. Attached the jpg of it. "\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver." I also had an issue at startup with the My Movies program on the reboot.

Now I am noticing that Windows Defender can't run. Edit: This is by design as per the MS MSE FAQ.

ComboFix 12-02-27.02 - owner 02/28/2012 12:25:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2303 [GMT -6:00]
Running from: c:\users\owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 18:49 . 2012-02-28 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 07:34 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6241241-91FE-423F-AB63-546FE7174F12}\mpengine.dll
2012-02-27 15:34 . 2012-02-27 15:34 -------- d-----w- c:\windows\LastGood.Tmp
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\program files (x86)\WinZip Courier
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\users\owner\AppData\Local\WinZip
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\programdata\WinZip
2012-02-25 21:28 . 2012-02-27 15:35 -------- d-----w- c:\users\UpdatusUser
2012-02-25 01:21 . 2012-02-25 01:21 -------- d-----w- c:\program files\Speccy
2012-02-24 16:02 . 2012-02-24 16:02 -------- d-----w- C:\symcache
2012-02-24 15:46 . 2012-02-24 15:46 -------- d-----w- c:\program files (x86)\Common Files\Microsoft KitSetup
2012-02-24 15:35 . 2012-02-24 15:35 -------- d-----w- c:\program files\dsf
2012-02-24 15:35 . 2012-02-24 15:35 -------- d-----w- C:\WinDDK
2012-02-15 09:01 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 09:01 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-15 09:01 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-15 09:01 . 2011-12-14 07:47 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 09:01 . 2011-12-14 07:11 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 09:01 . 2011-12-14 07:01 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 09:01 . 2011-12-14 02:54 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-02-14 21:32 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:32 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 21:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 21:32 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:31 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:31 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:31 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 23:41 . 2012-02-10 23:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6755B17-25C5-4E4B-B889-A7B757F5B802}\gapaengine.dll
2012-02-10 02:05 . 2012-02-10 02:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-08 01:57 . 2012-02-08 01:57 -------- d-----w- c:\program files\iPod
2012-02-08 01:56 . 2012-02-08 01:58 -------- d-----w- c:\program files (x86)\iTunes
2012-02-08 01:56 . 2012-02-08 01:58 -------- d-----w- c:\program files\iTunes
2012-02-07 16:40 . 2012-02-07 16:40 -------- d-----w- c:\program files (x86)\Binnerup Consult
2012-02-07 16:36 . 2012-02-07 16:37 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-07 16:36 . 2012-02-11 18:47 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-02-07 16:30 . 2012-02-28 18:51 -------- d-----w- c:\programdata\My Movies
2012-02-07 14:38 . 2012-02-12 04:29 -------- d-----w- c:\programdata\MediaBrowser
2012-02-07 03:17 . 2012-02-07 03:17 -------- d-----w- C:\Video
2012-02-07 03:15 . 2012-02-07 03:15 -------- d-----w- c:\users\owner\.MakeMKV
2012-02-07 03:14 . 2012-02-07 03:14 -------- d-----w- c:\program files (x86)\MakeMKV
2012-02-04 00:33 . 2012-02-04 00:33 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2012-02-04 00:33 . 2012-02-04 00:33 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2012-02-01 18:28 . 2012-02-28 18:51 -------- d-----w- c:\programdata\twonkyserver
2012-02-01 18:27 . 2012-02-28 18:50 -------- d-----w- c:\programdata\TwonkyMedia
2012-02-01 18:27 . 2012-02-26 22:11 -------- d-----w- c:\program files (x86)\TwonkyMedia
2012-02-01 15:00 . 2012-02-01 15:00 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-02-01 15:00 . 2012-02-01 15:00 -------- d-----w- c:\program files (x86)\TVersity Codec Pack
2012-02-01 14:58 . 2012-02-01 14:58 -------- d-----w- c:\program files (x86)\TVersitybar
2012-02-01 14:58 . 2012-02-01 14:58 -------- d-----w- c:\programdata\TVersity
2012-01-30 01:21 . 2012-01-30 01:21 -------- d-----w- c:\users\owner\AppData\Roaming\Media Player Classic
2012-01-30 00:06 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-01-30 00:06 . 2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-01-30 00:06 . 2012-01-25 18:00 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-01-29 22:26 . 2012-01-29 22:26 -------- d-----w- c:\users\owner\AppData\Roaming\NVIDIA
2012-01-29 21:17 . 2012-01-29 21:17 -------- d-----w- c:\users\Public\agk_tmp
2012-01-29 21:12 . 2012-01-29 21:12 -------- d-----w- c:\program files (x86)\XviD
2012-01-29 21:11 . 2012-02-28 16:47 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-01-29 21:11 . 2012-01-29 21:11 -------- d-----w- c:\program files (x86)\Gabest
2012-01-29 20:44 . 2012-02-10 04:13 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-01-29 20:44 . 2012-02-10 04:13 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-01-29 20:44 . 2012-02-10 04:13 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-01-29 20:44 . 2012-02-10 04:13 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-01-29 20:43 . 2012-02-10 04:13 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-01-29 20:43 . 2012-02-27 15:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-01-29 20:43 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-01-29 20:43 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-01-29 20:43 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-01-29 20:43 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-01-29 20:43 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-01-29 20:43 . 2011-05-21 12:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-01-29 20:42 . 2012-02-25 21:28 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-29 20:26 . 2012-01-29 20:26 -------- d-----w- C:\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2010-09-27 16:03 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 00:36 . 2011-10-14 13:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-05-14 20:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-29 18:00 . 2012-01-14 13:41 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-22 13:32 . 2010-10-22 02:54 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 21:24 . 2010-10-01 02:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\TVersitybar\prxtbTVer.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 2157056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-12-15 477392]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe [2012-1-13 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aaobcpmd;aaobcpmd;c:\windows\system32\drivers\aaobcpmd.sys [x]
R1 culghyjg;culghyjg;c:\windows\system32\drivers\culghyjg.sys [x]
R1 jrcrljna;jrcrljna;c:\windows\system32\drivers\jrcrljna.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [x]
R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\DRIVERS\netr7064.sys [x]
R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [x]
R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [x]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [x]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2012-01-13 512840]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2012-01-13 250696]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 02:19]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 02:19]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180302528-1211826313-2783988840-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 20:54]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180302528-1211826313-2783988840-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 20:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 192.168.100.254
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
AddRemove-Oracle Live Help On Demand - Agent Console - Andrew G (82631324) - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2180302528-1211826313-2783988840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2180302528-1211826313-2783988840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\01\0a\0f\1a\16?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
.
**************************************************************************
.
Completion time: 2012-02-28 12:56:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 18:56
.
Pre-Run: 471,799,332,864 bytes free
Post-Run: 474,655,105,024 bytes free
.
- - End Of File - - 19CF8AE9CFCC76C1C9CC8139A179A885



Edited by greenslam, 28 February 2012 - 02:20 PM.
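ComboFix output like the logs pasted in this thread lists every loaded service and driver one per line (`R1 name;display;path [x]`, where `[x]` means the image file could not be found) and dumps the UAC policy values. As an added example, not part of the thread or of ComboFix, here is a small Python triage helper that flags drivers whose image is missing, whose display name is just the service name, and whose name looks auto-generated, plus UAC policy values that silence elevation prompts. The sample log lines are constructed, modeled on the log format in this thread; the random-name heuristic is an assumption, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style log lines (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass

# Constructed sample input, modeled on the "Reg Loading Points" section of the
# ComboFix logs pasted in this thread (not a copy of any full log). Service
# lines have the form
#   <R|S><start type> <name>;<display name>;<image path> [<date size> | x]
# where "[x]" means ComboFix could not stat the image file at that path.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 aaobcpmd;aaobcpmd;c:\windows\system32\drivers\aaobcpmd.sys [x]
R1 culghyjg;culghyjg;c:\windows\system32\drivers\culghyjg.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [x]
"""

SERVICE_RE = re.compile(
    r"^(?P<kind>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
POLICY_RE = re.compile(r'^"(?P<key>\w+)"=\s*(?P<val>\d+) \(0x[0-9a-fA-F]+\)$')
POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"

# UAC values that silence elevation prompts when set to 0. Windows 7 defaults
# are EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_MUST_BE_NONZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


@dataclass
class Service:
    kind: str           # R = running, S = stopped (ComboFix's notation)
    start: int          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    file_missing: bool  # True when ComboFix printed "[x]" instead of a date/size


def parse_services(text):
    """Return every service/driver line in the log as a Service."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["kind"], int(m["start"]), m["name"],
                                    m["display"], m["path"], m["stamp"] == "x"))
    return services


def looks_random(name):
    """Heuristic (assumption, not a ComboFix rule): 7-9 lowercase ASCII letters.
    Legitimate drivers usually carry vendor prefixes, digits or mixed case."""
    return re.fullmatch(r"[a-z]{7,9}", name) is not None


def suspicious_drivers(services):
    """A bare "[x]" is noisy (several Microsoft drivers above show it), so require
    all three signals: image missing, no descriptive display name, random name."""
    return [s for s in services
            if s.file_missing and s.display == s.name and looks_random(s.name)]


def uac_findings(text):
    """Names of UAC policy values set to 0 under the policies\\system key."""
    findings, in_policy = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            in_policy = stripped.lower() == POLICY_KEY
            continue
        if stripped == ".":            # ComboFix's section separator
            in_policy = False
            continue
        m = POLICY_RE.match(stripped) if in_policy else None
        if m and m["key"] in UAC_MUST_BE_NONZERO and int(m["val"]) == 0:
            findings.append(m["key"])
    return findings


def triage(text):
    return {
        "suspicious_drivers": [s.name for s in suspicious_drivers(parse_services(text))],
        "uac_disabled": uac_findings(text),
    }


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(f"{section}: {', '.join(hits) or 'none'}")
```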


#5 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts

Posted 28 February 2012 - 10:37 PM

FYI, I had another hang. It looks like I had loose SATA cables connecting my DVD drive and the drive was not being seen. I reconnected them and now my DVD drive is showing again. I was playing Civ 4 at the time.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 08:57 AM

Greetings

Let's hope that was the problem.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts

Posted 29 February 2012 - 10:39 AM

TDSSKiller report


08:32:01.0714 0812 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
08:32:02.0042 0812 ============================================================
08:32:02.0042 0812 Current date / time: 2012/02/29 08:32:02.0042
08:32:02.0042 0812 SystemInfo:
08:32:02.0042 0812
08:32:02.0042 0812 OS Version: 6.1.7601 ServicePack: 1.0
08:32:02.0042 0812 Product type: Workstation
08:32:02.0042 0812 ComputerName: LIVINGROOM
08:32:02.0042 0812 UserName: owner
08:32:02.0042 0812 Windows directory: C:\Windows
08:32:02.0042 0812 System windows directory: C:\Windows
08:32:02.0042 0812 Running under WOW64
08:32:02.0042 0812 Processor architecture: Intel x64
08:32:02.0042 0812 Number of processors: 2
08:32:02.0042 0812 Page size: 0x1000
08:32:02.0042 0812 Boot type: Normal boot
08:32:02.0042 0812 ============================================================
08:32:02.0777 0812 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
08:32:02.0792 0812 \Device\Harddisk0\DR0:
08:32:02.0792 0812 MBR used
08:32:02.0792 0812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:32:02.0792 0812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
08:32:02.0824 0812 Initialize success
08:32:02.0824 0812 ============================================================

aswMBR report for quick scan. I tried scanning C: and it crashed.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-29 08:34:02
-----------------------------
08:34:02.196 OS Version: Windows x64 6.1.7601 Service Pack 1
08:34:02.196 Number of processors: 2 586 0x602
08:34:02.196 ComputerName: LIVINGROOM UserName: owner
08:34:04.243 Initialize success
08:35:14.526 AVAST engine defs: 12022900
08:38:02.304 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

aswMBR scan crash info

Faulting application name: aswMBR.exe, version: 0.9.9.1649, time stamp: 0x4f43d3d5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0xa44
Faulting application start time: 0x01ccf6ef2e5217d6
Faulting application path: C:\Users\owner\Downloads\aswMBR.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: e6a0f882-62ea-11e1-973f-002522462d25

XML view

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-02-29T15:34:43.000000000Z" />
    <EventRecordID>75455</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LivingRoom</Computer>
    <Security />
  </System>
  <EventData>
    <Data>aswMBR.exe</Data>
    <Data>0.9.9.1649</Data>
    <Data>4f43d3d5</Data>
    <Data>ntdll.dll</Data>
    <Data>6.1.7601.17725</Data>
    <Data>4ec49b8f</Data>
    <Data>c0000005</Data>
    <Data>0002e41b</Data>
    <Data>a44</Data>
    <Data>01ccf6ef2e5217d6</Data>
    <Data>C:\Users\owner\Downloads\aswMBR.exe</Data>
    <Data>C:\Windows\SysWOW64\ntdll.dll</Data>
    <Data>e6a0f882-62ea-11e1-973f-002522462d25</Data>
  </EventData>
</Event>

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 10:58 AM

Are these run in normal mode or safe mode?


gringo

#9 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts

Posted 29 February 2012 - 11:40 AM

normal mode

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 February 2012 - 11:46 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts

Posted 29 February 2012 - 12:46 PM

ComboFix report

I had Java pop up with a security risk (I said no to it) due to the Java cache clearing.


ComboFix 12-02-27.02 - owner 02/29/2012 11:29:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.1311 [GMT -6:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\21fb4014-3fe94809
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\58800f15-4599f7dc
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\63044d56-304a2ca5
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6b5793d9-67302f4e
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5603969d-3f3cdd12
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\298f355f-15da9bf0
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c1e6166-31d702e0-n\NativeHttp.dll
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1c1e6166-31d702e0
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4082aaac-1dbbe96c
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\47d915ae-6f726d78-n\NativeFlashFrame.dll
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\47d915ae-6f726d78
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\705f9675-1093940a
c:\users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\48c57b3c-47f1bd43
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 17:38 . 2012-02-29 17:38 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB671AE-389C-4C9A-9FF0-2726E57AC723}\offreg.dll
2012-02-29 17:36 . 2012-02-29 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-29 08:28 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DB671AE-389C-4C9A-9FF0-2726E57AC723}\mpengine.dll
2012-02-29 02:47 . 2012-02-29 02:47 -------- d-----w- c:\programdata\Symantec
2012-02-29 02:47 . 2012-02-29 02:48 -------- d-----w- c:\programdata\Norton
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\program files (x86)\WinZip Courier
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\users\owner\AppData\Local\WinZip
2012-02-26 23:42 . 2012-02-26 23:42 -------- d-----w- c:\programdata\WinZip
2012-02-25 21:28 . 2012-02-29 01:05 -------- d-----w- c:\users\UpdatusUser
2012-02-25 01:21 . 2012-02-25 01:21 -------- d-----w- c:\program files\Speccy
2012-02-24 16:02 . 2012-02-24 16:02 -------- d-----w- C:\symcache
2012-02-24 15:46 . 2012-02-24 15:46 -------- d-----w- c:\program files (x86)\Common Files\Microsoft KitSetup
2012-02-24 15:35 . 2012-02-24 15:35 -------- d-----w- c:\program files\dsf
2012-02-24 15:35 . 2012-02-24 15:35 -------- d-----w- C:\WinDDK
2012-02-15 09:01 . 2011-12-14 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 09:01 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-15 09:01 . 2011-12-14 03:32 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-02-15 09:01 . 2011-12-14 07:47 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-15 09:01 . 2011-12-14 07:11 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 09:01 . 2011-12-14 07:01 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-15 09:01 . 2011-12-14 02:54 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-02-14 21:32 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-14 21:32 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-14 21:32 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-14 21:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-14 21:32 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:31 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-14 21:31 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:31 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 23:41 . 2012-02-10 23:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6755B17-25C5-4E4B-B889-A7B757F5B802}\gapaengine.dll
2012-02-10 02:05 . 2012-02-10 02:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-08 01:57 . 2012-02-08 01:57 -------- d-----w- c:\program files\iPod
2012-02-08 01:56 . 2012-02-08 01:58 -------- d-----w- c:\program files (x86)\iTunes
2012-02-08 01:56 . 2012-02-08 01:58 -------- d-----w- c:\program files\iTunes
2012-02-07 16:36 . 2012-02-07 16:37 -------- d-----w- c:\program files\Microsoft SQL Server
2012-02-07 16:36 . 2012-02-11 18:47 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-02-07 16:30 . 2012-02-28 20:21 -------- d-----w- c:\programdata\My Movies
2012-02-07 14:38 . 2012-02-12 04:29 -------- d-----w- c:\programdata\MediaBrowser
2012-02-07 03:17 . 2012-02-07 03:17 -------- d-----w- C:\Video
2012-02-07 03:15 . 2012-02-07 03:15 -------- d-----w- c:\users\owner\.MakeMKV
2012-02-07 03:14 . 2012-02-07 03:14 -------- d-----w- c:\program files (x86)\MakeMKV
2012-02-04 00:33 . 2012-02-04 00:33 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2012-02-04 00:33 . 2012-02-04 00:33 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2012-02-01 18:28 . 2012-02-29 17:37 -------- d-----w- c:\programdata\twonkyserver
2012-02-01 18:27 . 2012-02-29 17:37 -------- d-----w- c:\programdata\TwonkyMedia
2012-02-01 18:27 . 2012-02-29 17:37 -------- d-----w- c:\program files (x86)\TwonkyMedia
2012-02-01 15:00 . 2012-02-01 15:00 -------- d-----w- c:\program files (x86)\Xiph.Org
2012-02-01 15:00 . 2012-02-01 15:00 -------- d-----w- c:\program files (x86)\TVersity Codec Pack
2012-02-01 14:58 . 2012-02-01 14:58 -------- d-----w- c:\program files (x86)\TVersitybar
2012-02-01 14:58 . 2012-02-01 14:58 -------- d-----w- c:\programdata\TVersity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2012-01-29 20:44 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2012-01-29 20:44 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2012-01-29 20:44 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-01-29 20:44 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 04:13 . 2012-01-29 20:43 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 03:14 . 2012-01-29 20:43 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2012-01-29 20:43 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2012-01-29 20:43 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2012-01-29 20:43 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2012-01-29 20:43 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-08 07:13 . 2010-09-27 16:03 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 00:36 . 2011-10-14 13:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-05-14 20:55 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 18:00 . 2012-01-30 00:06 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-29 18:00 . 2012-01-14 13:41 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2011-12-22 13:32 . 2010-10-22 02:54 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-21 18:14 . 2012-01-30 00:06 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-12-10 21:24 . 2010-10-01 02:31 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_18.51.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-17 14:56 . 2012-02-29 03:11 43720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-29 03:11 50104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-17 14:56 . 2012-02-29 03:11 14952 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2180302528-1211826313-2783988840-1000_UserData.bin
+ 2010-05-14 22:41 . 2012-02-29 12:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-14 22:41 . 2012-02-27 13:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-14 22:41 . 2012-02-27 13:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-14 22:41 . 2012-02-29 12:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-27 13:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-29 12:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-14 20:48 . 2012-02-29 06:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-14 20:48 . 2012-02-28 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-02-28 18:54 99912 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-05-14 20:48 . 2012-02-29 06:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-14 20:48 . 2012-02-28 18:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-14 20:48 . 2012-02-29 06:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-14 20:48 . 2012-02-28 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-07 16:40 . 2012-02-07 16:40 17920 c:\windows\assembly\temp\PDBL3XNCNU\MyMoviesMSAS.dll
- 2012-02-28 18:51 . 2012-02-28 18:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-29 17:36 . 2012-02-29 17:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-28 18:51 . 2012-02-28 18:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-29 17:36 . 2012-02-29 17:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-07 16:40 . 2012-02-07 16:40 7680 c:\windows\assembly\temp\WJBBOTOG6I\MyMoviesMSASInterop.dll
- 2009-07-14 05:01 . 2012-02-28 18:50 474352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-29 17:36 474352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-23 13:18 . 2012-02-29 17:36 11388912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2180302528-1211826313-2783988840-1000-12288.dat
- 2011-05-23 13:18 . 2012-02-28 18:50 11388912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2180302528-1211826313-2783988840-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\TVersitybar\prxtbTVer.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 20:02 3863136 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files (x86)\TVersitybar\prxtbTVer.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 2157056]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe [2012-1-13 611144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aaobcpmd;aaobcpmd;c:\windows\system32\drivers\aaobcpmd.sys [x]
R1 culghyjg;culghyjg;c:\windows\system32\drivers\culghyjg.sys [x]
R1 jrcrljna;jrcrljna;c:\windows\system32\drivers\jrcrljna.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 136176]
R3 HRMACPI;DSF ACPI Redirection Module;c:\windows\system32\DRIVERS\HRMACPI.SYS [x]
R3 HRMCFGSPC;DSF General Configuration Space Redirection Module;c:\windows\system32\DRIVERS\HRMCFGSPC.SYS [x]
R3 HRMINTS;DSF Interrupt Redirection Module;c:\windows\system32\DRIVERS\HRMINTS.SYS [x]
R3 HRMPORTS;DSF IO Port Redirection Module;c:\windows\system32\DRIVERS\HRMPORTS.SYS [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 rt70x64;Linksys Home Wireless-G USB Adaptor Driver;c:\windows\system32\DRIVERS\netr7064.sys [x]
R3 SOFTHIDUSBK;USB HID Layer;c:\windows\system32\DRIVERS\SOFTHIDUSBK.SYS [x]
R3 SOFTUSBK;Generic USB device;c:\windows\system32\DRIVERS\SOFTUSBK.SYS [x]
R3 SOFTUSBTESTHUB;Generic USB Test Hub;c:\windows\system32\DRIVERS\SOFTUSBTESTHUB.SYS [x]
R3 SOFTWADP;Wireless adapter devices;c:\windows\system32\DRIVERS\SOFTWADP.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSOFTUSBK;Generic wireless USB device;c:\windows\system32\DRIVERS\WSOFTUSBK.SYS [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DSFKSVCS;Kernel Services for DSF;c:\windows\system32\DRIVERS\dsfksvcs.sys [x]
S0 dsfroot;root enumerated bus driver;c:\windows\system32\DRIVERS\dsfroot.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 TwonkyMedia;TwonkyMedia;c:\program files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [2012-01-13 512840]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\TwonkyMedia\twonkywebdav.exe [2012-01-13 250696]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 02:19]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-01 02:19]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180302528-1211826313-2783988840-1000Core.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 20:54]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180302528-1211826313-2783988840-1000UA.job
- c:\users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-27 20:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 192.168.100.254
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSFKSVCS\MofImagePath]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2180302528-1211826313-2783988840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2180302528-1211826313-2783988840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\01\0a\0f\1a\16?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files (x86)\TwonkyMedia\TwonkyMediaServer.exe
.
**************************************************************************
.
Completion time: 2012-02-29 11:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 17:42
ComboFix2.txt 2012-02-28 18:56
.
Pre-Run: 466,060,910,592 bytes free
Post-Run: 465,959,325,696 bytes free
.
- - End Of File - - 97053835C6ACEC2A01833E2BE9AD8B06
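
The Firefox preference lines in the ComboFix section above (search.conduit.com as the default search URL, a "Softonic" search engine, ask.com as the homepage) are the classic footprint of a bundled toolbar rewriting the browser's search and start-page settings. The following added example, which is not part of the original thread, ComboFix or BleepingComputer, shows how a responder can triage those `FF - prefs.js:` lines mechanically: it re-fangs the `hxxp` URLs, picks out only the preference keys a search hijacker typically edits, and checks each value against a domain/keyword watchlist. The sample lines are the ones from the log above plus one constructed clean line; the watchlist contents, `SENSITIVE_PREFS` and all function names are assumptions made for this example.

```python
"""Triage of the Firefox preference lines in a ComboFix log section (added example)."""
import re
from urllib.parse import urlparse

# The FF lines from the log above, plus a constructed clean homepage line at the end
# so the example shows a non-finding as well.
SAMPLE_FF_LINES = r"""
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9uq3tjx8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.org/
"""

# Preference keys a search/homepage hijacker typically rewrites (assumption for the example).
SENSITIVE_PREFS = {
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Watchlist of search-provider domains and toolbar names seen in this kind of hijack.
# Constructed for the example from the log above; maintain your own from clean baselines.
WATCHLIST_DOMAINS = {"search.conduit.com", "ask.com"}
WATCHLIST_WORDS = ("conduit", "softonic")

LINE_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def refang(url):
    """ComboFix writes URLs as hxxp so they are not clickable; undo that so urlparse sees a scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(value):
    """Hostname of a (possibly defanged) URL value, or None when the value is not a URL."""
    if not re.match(r"^(hxxp|http)s?://", value, re.IGNORECASE):
        return None
    return (urlparse(refang(value)).hostname or "").lower()


def parent_domains(host):
    """'search.conduit.com' -> {'search.conduit.com', 'conduit.com'} so a watchlist entry can be a parent."""
    parts = host.split(".")
    return {".".join(parts[i:]) for i in range(len(parts) - 1)}


def triage_ff_lines(text):
    """Return one finding per sensitive preference whose value matches the watchlist."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        source, pref, value = m.groups()
        if pref not in SENSITIVE_PREFS:
            continue
        host = host_of(value)
        reasons = []
        if host and parent_domains(host) & WATCHLIST_DOMAINS:
            reasons.append(f"host {host} is on the watchlist")
        for word in WATCHLIST_WORDS:
            if word in value.lower():
                reasons.append(f"value contains '{word}'")
        if reasons:
            findings.append({"file": source, "pref": pref, "value": value,
                             "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_ff_lines(SAMPLE_FF_LINES):
        print(f"{f['file']} {f['pref']}: {'; '.join(f['reasons'])}")
```

Run against the lines above it reports the three hijacked preferences and stays silent on the constructed mozilla.org line; the `selectedEngine` entry is caught by the keyword check because its value is an engine name rather than a URL, which is why the two checks are kept separate.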

#12 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 29 February 2012 - 12:55 PM

Got a piece of malware pop up from a bad torrent. MSE detected "Hacktool:win32/keydump" on the reboot caused by ComboFix, and it is now removed.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 29 February 2012 - 04:32 PM

How have the blue screens been? Have they stopped?

MBRCheck

Please also download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread



gringo

Edited by gringo_pr, 29 February 2012 - 04:32 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 greenslam

greenslam
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:06:55 AM

Posted 29 February 2012 - 07:30 PM

No BSODs, but I haven't played any games to stress the system lately.

MBR log
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x000005ec

Kernel Drivers (total 162):
0x02C65000 \SystemRoot\system32\ntoskrnl.exe
0x02C1C000 \SystemRoot\system32\hal.dll
0x00BCA000 \SystemRoot\system32\kdcom.dll
0x00CFE000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00D0B000 \SystemRoot\system32\PSHED.dll
0x00D1F000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E99000 \SystemRoot\system32\DRIVERS\dsfksvcs.sys
0x00F41000 \SystemRoot\system32\DRIVERS\DSFOleaut32.sys
0x01021000 \SystemRoot\system32\drivers\Wdf01000.sys
0x010C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010D4000 \SystemRoot\system32\drivers\ACPI.sys
0x0112B000 \SystemRoot\system32\drivers\WMILIB.SYS
0x01134000 \SystemRoot\system32\drivers\msisadrv.sys
0x0113E000 \SystemRoot\system32\drivers\vdrvroot.sys
0x0114B000 \SystemRoot\system32\drivers\pci.sys
0x0117E000 \SystemRoot\System32\drivers\partmgr.sys
0x01193000 \SystemRoot\system32\drivers\volmgr.sys
0x00F9C000 \SystemRoot\System32\drivers\volmgrx.sys
0x011A8000 \SystemRoot\system32\drivers\pciide.sys
0x011AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x011BF000 \SystemRoot\System32\drivers\mountmgr.sys
0x011D9000 \SystemRoot\system32\drivers\atapi.sys
0x00E00000 \SystemRoot\system32\drivers\ataport.SYS
0x00E2A000 \SystemRoot\system32\drivers\nvstor.sys
0x00D7D000 \SystemRoot\system32\drivers\storport.sys
0x011E2000 \SystemRoot\system32\drivers\amdxata.sys
0x012E3000 \SystemRoot\system32\drivers\fltmgr.sys
0x0132F000 \SystemRoot\system32\drivers\fileinfo.sys
0x01439000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01343000 \SystemRoot\System32\Drivers\msrpc.sys
0x015DC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x01400000 \SystemRoot\System32\drivers\pcw.sys
0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01602000 \SystemRoot\system32\drivers\ndis.sys
0x016F5000 \SystemRoot\system32\drivers\NETIO.SYS
0x01755000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01815000 \SystemRoot\System32\drivers\tcpip.sys
0x01A19000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A63000 \SystemRoot\system32\DRIVERS\dsfroot.sys
0x01A6E000 \SystemRoot\system32\drivers\volsnap.sys
0x01ABA000 \SystemRoot\System32\Drivers\spldr.sys
0x01AC2000 \SystemRoot\System32\drivers\rdyboost.sys
0x01AFC000 \SystemRoot\System32\Drivers\mup.sys
0x01B0E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B17000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B51000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B67000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01780000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x017AA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01BED000 \SystemRoot\System32\Drivers\Null.SYS
0x01BF6000 \SystemRoot\System32\Drivers\Beep.SYS
0x01800000 \SystemRoot\System32\drivers\vga.sys
0x017DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0141B000 \SystemRoot\System32\drivers\watchdog.sys
0x0142B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01272000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0127B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01286000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01297000 \SystemRoot\system32\DRIVERS\tdx.sys
0x012B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04275000 \SystemRoot\system32\drivers\afd.sys
0x042FE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04343000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x0434E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04357000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0437D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0438C000 \SystemRoot\system32\DRIVERS\serial.sys
0x043A9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x043C4000 \SystemRoot\system32\drivers\termdd.sys
0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0425D000 \SystemRoot\system32\drivers\mssmbios.sys
0x043D8000 \SystemRoot\System32\drivers\discache.sys
0x013A1000 \SystemRoot\System32\Drivers\dfsc.sys
0x043E7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x013BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x013E5000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x012C6000 \SystemRoot\system32\DRIVERS\parport.sys
0x01000000 \SystemRoot\system32\drivers\i8042prt.sys
0x011ED000 \SystemRoot\system32\drivers\kbdclass.sys
0x04268000 \SystemRoot\system32\DRIVERS\serenum.sys
0x00E55000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x040FF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04155000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04166000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0418A000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x041DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0F245000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF63000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04000000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FF68000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FFAE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0FFBE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FFD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0F200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0F20C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00E60000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00E7B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x041EC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0F23B000 \SystemRoot\system32\drivers\swenum.sys
0x044F7000 \SystemRoot\system32\drivers\ks.sys
0x0453A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0454C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x045A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04A3C000 \SystemRoot\system32\drivers\viahduaa.sys
0x045BB000 \SystemRoot\system32\drivers\portcls.sys
0x04BC7000 \SystemRoot\system32\drivers\drmk.sys
0x04BE9000 \SystemRoot\system32\drivers\ksthunk.sys
0x04BEF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04A00000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04A0A000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x04400000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04413000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04421000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0443A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04A35000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04443000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04450000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00010000 \SystemRoot\System32\win32k.sys
0x0446B000 \SystemRoot\System32\drivers\Dxapi.sys
0x04477000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00720000 \SystemRoot\System32\cdd.dll
0x04485000 \SystemRoot\system32\drivers\luafv.sys
0x044A8000 \SystemRoot\system32\drivers\WudfPf.sys
0x044C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x01B97000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x044DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x00CE1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x050AE000 \SystemRoot\system32\drivers\HTTP.sys
0x05177000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05195000 \SystemRoot\System32\drivers\mpsdrv.sys
0x051AD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0504E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0545A000 \SystemRoot\system32\drivers\peauth.sys
0x05500000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0550B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0553C000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0554E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x060AB000 \SystemRoot\System32\DRIVERS\srv.sys
0x06143000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06174000 \SystemRoot\system32\DRIVERS\umpass.sys
0x061EF000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06000000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x06008000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x06018000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x06030000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x774B0000 \Windows\System32\ntdll.dll
0x47B00000 \Windows\System32\smss.exe
0xFF7D0000 \Windows\System32\apisetschema.dll
0xFFF00000 \Windows\System32\autochk.exe
0xFF770000 \Windows\System32\ws2_32.dll
0x773B0000 \Windows\System32\user32.dll
0xFF710000 \Windows\System32\Wldap32.dll
0xFF670000 \Windows\System32\clbcatq.dll
0xFF600000 \Windows\System32\gdi32.dll
0xFF5D0000 \Windows\System32\imm32.dll

Processes (total 63):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
368 csrss.exe
432 csrss.exe
440 C:\Windows\System32\wininit.exe
508 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
544 C:\Windows\System32\winlogon.exe
652 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\nvvsvc.exe
740 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
784 C:\Windows\System32\svchost.exe
840 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
948 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1268 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1280 C:\Windows\System32\nvvsvc.exe
1548 C:\Windows\System32\spoolsv.exe
1588 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\taskhost.exe
1784 C:\Windows\System32\dwm.exe
1908 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
1948 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1984 C:\Windows\System32\svchost.exe
600 C:\Windows\explorer.exe
1432 C:\ProgramData\TVersity\Media Server\MediaServer.exe
1620 C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe
1860 C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe
2080 C:\Program Files (x86)\TwonkyMedia\twonkymediaserver.exe
2088 C:\Windows\System32\conhost.exe
2332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2716 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2988 C:\Program Files\Microsoft Security Client\msseces.exe
2996 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3024 C:\Program Files (x86)\TwonkyMedia\twonkymediaserverconfig.exe
2176 C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
2264 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2252 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2556 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1324 C:\Windows\System32\svchost.exe
3368 WUDFHost.exe
2120 C:\Program Files\Windows Media Player\wmpnetwk.exe
3588 C:\Program Files\iPod\bin\iPodService.exe
2936 C:\Windows\System32\svchost.exe
3236 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
3180 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
924 C:\Program Files (x86)\Vuze\Azureus.exe
8016 C:\Windows\System32\SearchIndexer.exe
1160 C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
5148 C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
6056 C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
7540 C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
3464 C:\Windows\System32\SearchProtocolHost.exe
1936 C:\Windows\System32\SearchFilterHost.exe
5244 C:\Users\owner\AppData\Local\Google\Chrome\Application\chrome.exe
7748 C:\Users\owner\Desktop\MBRCheck.exe
7944 C:\Windows\System32\conhost.exe
5968 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDS721010CLA, Rev: JP4O

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
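
The useful part of an MBRCheck report for a defender is the drive table at the end: the status text ("Windows 7 MBR code detected") and the SHA1 of the boot sector, which can be compared against hashes recorded on known-clean machines so that bootkit-style modifications of the MBR stand out. The added example below, which is not part of the thread or of MBRCheck, parses that table and then shows, on a constructed 512-byte sector, the checks one would make on a raw MBR image: the 55AA boot signature, the partition table (exactly one bootable entry), and a digest of the 440-byte code area. The sample drive table is copied from the report above; the allowlist, the sector contents and all function names are assumptions for this example, and the code-area digest is not the same quantity MBRCheck prints, since the tool's hashing scope is not documented on this page.

```python
"""Parsing an MBRCheck drive table and sanity-checking a raw MBR sector (added example)."""
import hashlib
import re
import struct

# Drive table exactly as MBRCheck printed it in the post above; the SHA1 is the report's value.
SAMPLE_REPORT = r"""
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
"""

# Allowlist of report hashes recorded from machines whose MBR was verified clean. Seeded here
# with the hash the report above labelled Windows 7 MBR code (assumption for the example).
REPORT_SHA1_ALLOWLIST = {"4379A3D43019B46FA357F7DD6A53B45A3CA8FB79"}

DRIVE_RE = re.compile(r"^(\d+) GB (\\\\\.\\PhysicalDrive\d+) (.+)$")
SHA1_RE = re.compile(r"^SHA1: ([0-9A-Fa-f]{40})$")
SECTOR = 512


def parse_mbrcheck_report(text):
    """One dict per physical drive: size, device path, status text and the SHA1 line that follows."""
    drives, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            pending = {"size_gb": int(m.group(1)), "device": m.group(2),
                       "status": m.group(3), "sha1": None}
            drives.append(pending)
            continue
        m = SHA1_RE.match(line)
        if m and pending is not None:
            pending["sha1"] = m.group(1).upper()
            pending = None
    return drives


def assess_report(drives, allowlist=REPORT_SHA1_ALLOWLIST):
    """Flag drives whose MBR code MBRCheck did not identify as Windows, or whose hash is unknown."""
    flags = []
    for d in drives:
        if not d["status"].startswith("Windows"):
            flags.append(f"{d['device']}: unexpected status '{d['status']}'")
        if d["sha1"] not in allowlist:
            flags.append(f"{d['device']}: MBR hash {d['sha1']} not in allowlist")
    return flags


def check_mbr_sector(sector):
    """Parse a raw 512-byte MBR: code-area digest, disk signature, partition table, 55AA signature.
    The digest covers bytes 0..439 only, the part that is identical across machines with the same
    boot code; the disk signature and partition table after it differ from machine to machine."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        boot, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:
            partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors,
                               "byte_offset": lba_start * SECTOR})
    return {
        "code_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "bootable_count": sum(p["bootable"] for p in partitions),
        "partitions": partitions,
    }


def build_sample_sector():
    """Constructed MBR with a Windows 7 style layout (100 MB System Reserved, then C:), laid out so
    the second partition starts at the byte offset the report above shows for C: (0x06500000)."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\x33\xc0\x8e"                    # constructed stand-in, not real boot code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)  # constructed disk signature
    entries = [
        (0x80, 0x07, 2048, 204800),          # bootable NTFS, System Reserved, 100 MB
        (0x00, 0x07, 206848, 1953318320),    # NTFS, C:, 206848 * 512 = 0x06500000
    ]
    for i, (boot, ptype, start, length) in enumerate(entries):
        off = 446 + 16 * i
        sector[off:off + 8] = bytes([boot, 0, 0, 0, ptype, 0, 0, 0])  # CHS fields left zero
        struct.pack_into("<II", sector, off + 8, start, length)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    drives = parse_mbrcheck_report(SAMPLE_REPORT)
    print(drives, assess_report(drives) or "report: no flags")
    print(check_mbr_sector(build_sample_sector()))
```

The report parser and the sector check are deliberately kept apart: the first works from the text MBRCheck produces, the second from a sector image you have captured yourself, and a baseline for the code-area digest has to be recorded with this same function on a known-clean machine rather than taken from the report.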

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 AM

Posted 01 March 2012 - 12:57 PM

Hello


Go ahead and check it out. From what I can see, there has not been much in the way of malware to cause the blue screens.


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



