I got infected by a trojan/rootkit.


  • This topic is locked
37 replies to this topic

#1 Slayer90

  • Members
  • 216 posts

Posted 16 May 2013 - 10:04 PM

I'm not sure if it is a trojan or a rootkit. I am using Windows 7. My computer's performance started to slow down excessively when I open folders on my desktop, as well as everything else. There are many times my computer becomes completely unresponsive, such as when I try to open a folder, Notepad or play an MP3: it won't open at all no matter how long I wait and how many times I double-click it. It is slow on both my desktop and the internet. I'm using cable, so I am connected to the internet at all times. My computer would freeze for a couple of minutes. I tried scanning with the most up-to-date anti-malware software such as ESET, Avast!, Malwarebytes, SUPERAntiSpyware, F-Secure, RKill, TDSSKiller and AdwCleaner. They found nothing and say the computer is clean; however, the symptoms still continue and seem to have gotten worse. My infection is mostly a popup with a drive-by download trojan and possibly a rootkit. I never click on any popups; I exit them. I don't have many addons aside from important ones. Whatever this trojan/rootkit is, it's sophisticated and seems to evade detection from all the updated anti-malware programs I scanned with. I also keep getting DDoSed.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Alfred at 19:54:46 on 2013-05-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.2100 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [BitTorrent] "c:\users\alfred\appdata\roaming\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3E06D39C-22A2-47C8-8B09-3047A290ADEE} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alfred\appdata\roaming\mozilla\firefox\profiles\kmo4j686.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-03-18 09:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\alfred\appdata\roaming\mozilla\firefox\profiles\kmo4j686.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-30 19:45; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-12-28 70824]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-12-28 34984]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-30 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-30 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-30 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-30 368944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-30 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-16 46808]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-12-23 90736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-5 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-5 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-5 22856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-6 14848]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-6 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-6 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-5 1343400]
.
=============== Created Last 30 ================
.
2013-05-16 01:55:02    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 01:55:01    217600    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-05-16 01:55:00    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-15 23:55:50    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 23:55:49    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:55:49    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:55:41    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 23:55:41    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 23:55:41    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-08 00:08:44    --------    d-----w-    c:\users\alfred\appdata\roaming\SUPERAntiSpyware.com
2013-05-01 02:45:49    61680    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-01 02:45:48    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-01 02:45:47    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-01 02:45:47    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-01 02:45:46    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-01 02:45:15    41664    ----a-w-    c:\windows\avastSS.scr
2013-04-24 16:51:00    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-21 22:18:50    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 03:59:17    --------    d-----w-    c:\program files\AVAST Software
.
==================== Find3M  ====================
.
2013-05-14 18:10:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 18:10:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-05 05:28:24    1767424    ----a-w-    c:\windows\system32\wininet.dll
2013-04-05 05:26:21    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-04-05 03:38:25    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 21:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
2013-03-18 19:20:32    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-18 19:20:32    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-06 06:17:28    0    ----a-w-    c:\windows\ativpsrm.bin
.
============= FINISH: 19:55:20.24 ===============
 


Edited by Slayer90, 16 May 2013 - 10:40 PM.




#2 Slayer90 (Topic Starter)

  • Members
  • 216 posts

Posted 16 May 2013 - 10:07 PM

Sorry for the double post. I can't attach the attach.txt. When I tried to attach it, it says the file is too large, and when I zip it, it says I don't have permission to attach those types of files.

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2013 8:36:53 PM
System Uptime: 5/16/2013 5:12:53 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AD1
Processor: AMD E-450 APU with Radeon™ HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 203 GiB total, 107.383 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 4/27/2013 11:06:39 AM - ComboFix created restore point
RP94: 4/29/2013 12:37:49 PM - ComboFix created restore point
RP96: 4/30/2013 10:26:27 AM - Before uninstalling Google Chrome
RP98: 4/30/2013 10:30:39 AM - Before uninstalling SUPERAntiSpyware
RP100: 4/30/2013 7:39:40 PM - Before uninstalling avast! Free Antivirus
RP101: 4/30/2013 7:40:14 PM - avast! Free Antivirus Setup
RP102: 4/30/2013 7:44:30 PM - avast! Free Antivirus Setup
RP104: 4/30/2013 7:49:37 PM - Before uninstalling Google Chrome
RP105: 5/6/2013 9:08:36 PM - ComboFix created restore point
RP107: 5/7/2013 12:24:50 PM - Before uninstalling SUPERAntiSpyware
RP109: 5/7/2013 7:46:13 PM - Before uninstalling SUPERAntiSpyware
RP110: 5/10/2013 10:25:32 AM - ComboFix created restore point
RP112: 5/10/2013 6:14:13 PM - Before uninstalling SUPERAntiSpyware
RP113: 5/13/2013 2:12:06 PM - ComboFix created restore point
RP114: 5/15/2013 6:48:21 PM - Windows Update
RP116: 5/16/2013 11:25:57 AM - Before uninstalling SUPERAntiSpyware
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
avast! Free Antivirus
BitTorrent
Google Update Helper
GPGNet
IsoBuster 2.8.5
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 17
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
PowerISO
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Speakonia
Supreme Commander
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.6
WinRAR 4.11 (32-bit)
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
5/16/2013 5:01:01 PM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
5/13/2013 2:22:42 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
 



#3 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 May 2013 - 09:00 AM

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 Slayer90 (Topic Starter)

  • Members
  • 216 posts

Posted 17 May 2013 - 11:01 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2013
Ran by Alfred (administrator) on 17-05-2013 08:56:50
Running from C:\Users\Alfred\Desktop
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BitTorrent Inc.) C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe
(Farbar) C:\Users\Alfred\Desktop\FRST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\avast.setup

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup [312376 2012-02-08] (Power Software Ltd)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Winlogon: [System]
HKCU\...\Run: [BitTorrent] "C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED [882520 2013-05-02] (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70824 2012-12-28] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34984 2012-12-28] (Advanced Micro Devices)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [112096 2012-02-08] (Power Software Ltd)
S3 catchme; \??\C:\Users\Alfred\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-17 08:56 - 2013-05-17 08:56 - 00000000 ____D C:\FRST
2013-05-17 08:55 - 2013-05-17 08:55 - 01317419 ____A (Farbar) C:\Users\Alfred\Desktop\FRST.exe
2013-05-16 22:39 - 2013-05-16 22:39 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-16 22:39 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-16 22:26 - 2013-05-16 22:26 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-16 22:26 - 2013-05-09 01:59 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00061680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-16 22:26 - 2013-05-09 01:59 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-16 22:26 - 2013-05-09 01:58 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-16 22:17 - 2013-05-16 22:24 - 117478104 ____A C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe
2013-05-16 21:30 - 2013-05-16 21:30 - 00003711 ____A C:\Users\Alfred\Desktop\hijackthis.log
2013-05-16 21:06 - 2013-05-16 21:06 - 02358368 ____A C:\Users\Alfred\Desktop\Whatsthis.dib
2013-05-16 20:45 - 2013-05-16 20:45 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-05-16 12:57 - 2013-05-16 12:57 - 00031664 ____A C:\Users\Public\Documents\Backup Memory Cards.rar
2013-05-15 18:55 - 2013-04-04 22:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 18:55 - 2013-04-04 22:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 18:55 - 2013-04-04 21:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 18:54 - 2013-04-04 22:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 18:54 - 2013-04-04 22:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 18:54 - 2013-04-04 22:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 18:54 - 2013-04-04 22:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 18:54 - 2013-04-04 22:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 18:54 - 2013-04-04 20:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 16:55 - 2013-04-09 22:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 16:55 - 2013-04-09 22:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 16:55 - 2013-04-09 20:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 16:55 - 2013-02-26 22:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 16:55 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 16:55 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 16:55 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 16:55 - 2013-02-26 21:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-10 11:25 - 2013-05-10 11:25 - 00024964 ____A C:\Users\Alfred\Desktop\epsxe000.rar
2013-05-07 17:08 - 2013-05-07 17:08 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 19:45 - 2013-05-17 08:53 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-30 19:45 - 2013-05-16 23:01 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-29 10:02 - 2013-04-29 10:04 - 00000000 ____D C:\Users\Alfred\Downloads\[AHQ] Star Ocean EX 01-26
2013-04-24 09:51 - 2013-04-12 06:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-21 15:19 - 2013-04-21 15:19 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-21 15:18 - 2013-04-21 15:18 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-21 15:18 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-04-21 15:18 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-21 15:18 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-21 15:17 - 2013-04-21 15:17 - 00000000 ____D C:\ProgramData\McAfee
2013-04-21 11:07 - 2013-04-21 11:07 - 00001024 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-04-17 20:59 - 2013-05-16 22:25 - 00000000 ____D C:\Program Files\AVAST Software

==================== One Month Modified Files and Folders ========

2013-05-17 08:56 - 2013-05-17 08:56 - 00000000 ____D C:\FRST
2013-05-17 08:56 - 2013-03-05 22:49 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\BitTorrent
2013-05-17 08:55 - 2013-05-17 08:55 - 01317419 ____A (Farbar) C:\Users\Alfred\Desktop\FRST.exe
2013-05-17 08:53 - 2013-04-30 19:45 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-17 08:53 - 2009-07-13 21:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-17 08:53 - 2009-07-13 21:39 - 00038124 ____A C:\Windows\setupact.log
2013-05-16 23:08 - 2013-03-05 21:24 - 02049214 ____A C:\Windows\WindowsUpdate.log
2013-05-16 23:08 - 2009-07-13 21:34 - 00016864 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-16 23:08 - 2009-07-13 21:34 - 00016864 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-16 23:03 - 2010-11-20 14:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 23:01 - 2013-04-30 19:45 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-16 22:39 - 2013-05-16 22:39 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-16 22:39 - 2013-03-05 23:39 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-16 22:38 - 2013-03-05 23:38 - 00000000 ____D C:\Users\Alfred\Desktop\PC Stuff
2013-05-16 22:28 - 2013-03-15 17:58 - 00000000 ____D C:\Users\Alfred\AppData\Local\Google
2013-05-16 22:28 - 2013-03-09 22:09 - 00000000 ____D C:\Program Files\Google
2013-05-16 22:26 - 2013-05-16 22:26 - 00002075 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-05-16 22:26 - 2009-07-13 19:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-16 22:26 - 2009-07-13 19:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-16 22:25 - 2013-04-17 20:59 - 00000000 ____D C:\Program Files\AVAST Software
2013-05-16 22:25 - 2013-03-05 23:48 - 00000000 ____D C:\ProgramData\AVAST Software
2013-05-16 22:24 - 2013-05-16 22:17 - 117478104 ____A C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe
2013-05-16 22:16 - 2010-11-20 14:48 - 00052074 ____A C:\Windows\PFRO.log
2013-05-16 22:10 - 2013-03-05 22:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-16 22:09 - 2013-03-13 12:53 - 00000000 ____D C:\Users\Alfred\Desktop\CombofixLogFolder
2013-05-16 22:04 - 2013-02-16 13:45 - 00000000 ____D C:\Qoobox
2013-05-16 22:01 - 2009-07-13 19:04 - 00000215 ____A C:\Windows\system.ini
2013-05-16 21:30 - 2013-05-16 21:30 - 00003711 ____A C:\Users\Alfred\Desktop\hijackthis.log
2013-05-16 21:06 - 2013-05-16 21:06 - 02358368 ____A C:\Users\Alfred\Desktop\Whatsthis.dib
2013-05-16 20:45 - 2013-05-16 20:45 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-05-16 20:39 - 2013-03-05 23:40 - 00000196 ____A C:\Users\Alfred\Desktop\Bleeping Computer.txt
2013-05-16 12:58 - 2013-03-15 15:17 - 00000000 ____D C:\Users\Alfred\Desktop\PowerIso
2013-05-16 12:57 - 2013-05-16 12:57 - 00031664 ____A C:\Users\Public\Documents\Backup Memory Cards.rar
2013-05-16 10:01 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2013-05-15 21:53 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 19:19 - 2009-07-13 21:33 - 03624128 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 18:49 - 2013-03-05 23:12 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 11:10 - 2013-03-05 22:39 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 11:10 - 2013-03-05 22:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-13 21:43 - 2013-03-06 12:20 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\vlc
2013-05-13 14:35 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-12 11:59 - 2013-03-05 23:37 - 00000155 ____A C:\Users\Alfred\Desktop\Stuff.txt
2013-05-10 11:25 - 2013-05-10 11:25 - 00024964 ____A C:\Users\Alfred\Desktop\epsxe000.rar
2013-05-09 01:59 - 2013-05-16 22:26 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00061680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 01:59 - 2013-05-16 22:26 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 01:58 - 2013-05-16 22:26 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 01:58 - 2013-03-05 23:51 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-07 17:08 - 2013-05-07 17:08 - 00000000 ____D C:\Users\Alfred\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 20:00 - 2013-03-06 10:02 - 00000000 ____D C:\Program Files\WinRAR
2013-04-29 10:04 - 2013-04-29 10:02 - 00000000 ____D C:\Users\Alfred\Downloads\[AHQ] Star Ocean EX 01-26
2013-04-21 15:19 - 2013-04-21 15:19 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-21 15:18 - 2013-04-21 15:18 - 00003874 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-21 15:18 - 2013-03-18 12:19 - 00000000 ____D C:\Program Files\Java
2013-04-21 15:17 - 2013-04-21 15:17 - 00000000 ____D C:\ProgramData\McAfee
2013-04-21 11:07 - 2013-04-21 11:07 - 00001024 ____A C:\Users\Public\Desktop\VLC media player.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-14 10:16

==================== End Of Log ============================

 



#5 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts

Posted 17 May 2013 - 11:06 AM

Sorry for posting the attachment log, but when I try to upload it as an attachment it won't let me and says the file is too big. It can only upload 312 bytes.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2013
Ran by Alfred at 2013-05-17 08:57:37 Run:
Running from C:\Users\Alfred\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Photoshop CS5.1 (Version: 12.1)
avast! Free Antivirus (Version: 8.0.1489.0)
BitTorrent (Version: 7.8.0.29343)
Google Drive (Version: 1.9.4536.8202)
Google Update Helper (Version: 1.3.21.145)
GPGNet (Version: 1.0.0)
IsoBuster 2.8.5 (Version: 2.8.5)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java SE Development Kit 7 Update 17 (Version: 1.7.0.170)
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
PDF Settings CS5 (Version: 10.0)
PowerISO (Version: 5.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6531)
Speakonia (Version: 1.0.3.5)
Supreme Commander (Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Your Uninstaller! 2010 (Version: 7.0)

==================== Restore Points  =========================

27-04-2013 18:06:39 ComboFix created restore point
29-04-2013 19:37:49 ComboFix created restore point
30-04-2013 17:26:27 Before uninstalling Google Chrome
30-04-2013 17:30:39 Before uninstalling SUPERAntiSpyware
01-05-2013 02:39:40 Before uninstalling avast! Free Antivirus
01-05-2013 02:40:14 avast! Free Antivirus Setup
01-05-2013 02:44:30 avast! Free Antivirus Setup
01-05-2013 02:49:37 Before uninstalling Google Chrome
07-05-2013 04:08:36 ComboFix created restore point
07-05-2013 19:24:50 Before uninstalling SUPERAntiSpyware
08-05-2013 02:46:13 Before uninstalling SUPERAntiSpyware
10-05-2013 17:25:32 ComboFix created restore point
11-05-2013 01:14:13 Before uninstalling SUPERAntiSpyware
13-05-2013 21:12:06 ComboFix created restore point
16-05-2013 01:48:21 Windows Update
16-05-2013 18:25:57 Before uninstalling SUPERAntiSpyware
17-05-2013 05:13:39 Before uninstalling avast! Free Antivirus
17-05-2013 05:14:17 avast! Free Antivirus Setup
17-05-2013 05:25:19 avast! Free Antivirus Setup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2013 08:55:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 11:01:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:35:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:18:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:13:38 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {38b655cc-a4a7-4c3e-9cb3-c2003b99f875}

Error: (05/16/2013 10:09:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 09:10:21 PM) (Source: Application Hang) (User: )
Description: The program Explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 680

Start Time: 01ce52b41df8008f

Termination Time: 23806

Application Path: C:\Windows\Explorer.exe

Report Id: 9f8aded2-bea7-11e2-8e35-386077835b4f

Error: (05/16/2013 09:07:59 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c0c

Start Time: 01ce52b11b4832f8

Termination Time: 14700

Application Path: C:\Windows\Explorer.EXE

Report Id: 4fcdba71-bea7-11e2-8e35-386077835b4f

Error: (05/16/2013 08:47:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 05:14:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/16/2013 10:01:52 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/16/2013 09:56:52 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/16/2013 09:52:41 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (05/16/2013 09:10:21 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:10:13 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:10:05 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:09:57 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:09:49 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:09:41 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/16/2013 09:09:33 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.


Microsoft Office Sessions:
=========================
Error: (05/17/2013 08:55:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 11:01:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:35:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:18:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 10:13:38 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {38b655cc-a4a7-4c3e-9cb3-c2003b99f875}

Error: (05/16/2013 10:09:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 09:10:21 PM) (Source: Application Hang)(User: )
Description: Explorer.exe6.1.7601.1756768001ce52b41df8008f23806C:\Windows\Explorer.exe9f8aded2-bea7-11e2-8e35-386077835b4f

Error: (05/16/2013 09:07:59 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567c0c01ce52b11b4832f814700C:\Windows\Explorer.EXE4fcdba71-bea7-11e2-8e35-386077835b4f

Error: (05/16/2013 08:47:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2013 05:14:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2934.55 MB
Available physical RAM: 2115.32 MB
Total Pagefile: 5867.38 MB
Available Pagefile: 4946.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:203.49 GB) (Free:106.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 8CDB91AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=203 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=06)

==================== End Of Log ============================



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 May 2013 - 12:20 PM

Please run the following:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.


NEXT


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
  • NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.





#7 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts

Posted 17 May 2013 - 01:20 PM

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.17.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Alfred :: ALFRED-PC [administrator]

5/17/2013 10:50:06 AM
mbar-log-2013-05-17 (10-50-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27169
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 1999691776

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2022109184

DDA driver unhooking procedure failed
Downloaded database version: v2013.05.17.05
Downloaded database version: v2013.05.14.03
------------ Kernel report ------------
     05/17/2013 10:34:29
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff861d0ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff86170998
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e96070
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff85dc3030
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
=======================================


Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2204573696

------------ Kernel report ------------
     05/17/2013 10:36:11
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\amd_sata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff861d0ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff86170998
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff855d44c0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e96070
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff85dc3030
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xffffffff85237cb8
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85e96070, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e97cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e96070, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dc6c08, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xffffffff85dc3030, DeviceName: \Device\0000005d\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffaf154280, 0xffffffff85e96070, 0xffffffff855473c0
Lower DeviceData: 0xffffffffa5c9be10, 0xffffffff85dc3030, 0xffffffff85237cb8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8CDB91AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 426749952

    Partition 2 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 426956800  Numsec = 61437952

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff861d0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861d07a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861d0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86170998, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2203648000

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2204860416

DDA driver unhooking procedure failed
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
------------ Kernel report ------------
     05/17/2013 11:00:39
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff861d0ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff86170998
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff855d44c0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e96070
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff85dc3030
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xffffffff85237cb8
=======================================


=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2206441472

------------ Kernel report ------------
     05/17/2013 11:02:03
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff861d0ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff86170998
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff855d44c0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e96070
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff85dc3030
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xffffffff85237cb8
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85e96070, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e97cc8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e96070, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dc6c08, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xffffffff85dc3030, DeviceName: \Device\0000005d\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffff8898c0a0, 0xffffffff85e96070, 0xffffffff855473c0
Lower DeviceData: 0xffffffff8823e740, 0xffffffff85dc3030, 0xffffffff85237cb8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8CDB91AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 426749952

    Partition 2 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 426956800  Numsec = 61437952

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff861d0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861d07a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861d0ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86170998, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2158288896

=======================================
#8 Slayer90

  • Topic Starter

Posted 17 May 2013 - 01:50 PM

ComboFix 13-05-16.02 - Alfred 05/17/2013  11:28:58.17.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.2024 [GMT -7:00]
Running from: c:\users\Alfred\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alfred\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Alfred\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-17 to 2013-05-17  )))))))))))))))))))))))))))))))
.
.
2013-05-17 18:37 . 2013-05-17 18:38    --------    d-----w-    c:\users\Alfred\AppData\Local\temp
2013-05-17 18:37 . 2013-05-17 18:37    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-05-17 18:37 . 2013-05-17 18:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-17 15:56 . 2013-05-17 15:56    --------    d-----w-    C:\FRST
2013-05-17 05:39 . 2013-04-04 21:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-17 05:26 . 2013-05-09 08:59    368944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-05-17 05:26 . 2013-05-09 08:59    29816    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-17 05:26 . 2013-05-09 08:59    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-17 05:26 . 2013-05-09 08:59    61680    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-17 05:26 . 2013-05-09 08:59    56080    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-17 05:26 . 2013-05-09 08:59    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-17 05:26 . 2013-05-09 08:59    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-17 05:26 . 2013-05-09 08:59    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-17 05:26 . 2013-05-09 08:58    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-16 01:55 . 2013-04-05 04:29    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 01:55 . 2013-04-05 05:27    217600    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
2013-05-16 01:55 . 2013-04-05 05:26    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-15 23:55 . 2013-04-10 03:14    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 23:55 . 2013-04-10 05:18    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:55 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:55 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 23:55 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 23:55 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-08 00:08 . 2013-05-08 00:08    --------    d-----w-    c:\users\Alfred\AppData\Roaming\SUPERAntiSpyware.com
2013-04-24 16:51 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-21 22:19 . 2013-04-21 22:19    --------    d-----w-    c:\program files\Common Files\Java
2013-04-21 22:18 . 2013-04-04 12:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-21 22:17 . 2013-04-21 22:17    --------    d-----w-    c:\programdata\McAfee
2013-04-18 03:59 . 2013-05-17 05:25    --------    d-----w-    c:\program files\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 18:10 . 2013-03-06 05:39    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 18:10 . 2013-03-06 05:39    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:58 . 2013-03-06 06:51    229648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-03-19 05:04 . 2013-04-10 21:09    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:09    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 21:09    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 21:09    69632    ----a-w-    c:\windows\system32\smss.exe
2013-03-18 19:20 . 2013-03-08 22:24    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-18 19:20 . 2013-03-08 22:24    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-15 07:21 . 2013-04-02 18:02    7108640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{30093C01-31F0-4AAA-9400-80342071578B}\mpengine.dll
2013-03-13 03:32 . 2013-03-13 03:32    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 03:32 . 2013-03-13 03:32    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 03:32 . 2013-03-13 03:32    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-13 03:32 . 2013-03-13 03:32    523264    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-13 03:32 . 2013-03-13 03:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-13 03:32 . 2013-03-13 03:32    38400    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-13 03:32 . 2013-03-13 03:32    361984    ----a-w-    c:\windows\system32\html.iec
2013-03-13 03:32 . 2013-03-13 03:32    185344    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-13 03:32 . 2013-03-13 03:32    158720    ----a-w-    c:\windows\system32\msls31.dll
2013-03-13 03:32 . 2013-03-13 03:32    150528    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-13 03:32 . 2013-03-13 03:32    138752    ----a-w-    c:\windows\system32\wextract.exe
2013-03-13 03:32 . 2013-03-13 03:32    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-13 03:32 . 2013-03-13 03:32    12800    ----a-w-    c:\windows\system32\mshta.exe
2013-03-13 03:32 . 2013-03-13 03:32    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-13 03:32 . 2013-03-13 03:32    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-13 03:32 . 2013-03-13 03:32    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-13 03:32 . 2013-03-13 03:32    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-12 17:26 . 2013-04-12 17:25    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 23:10    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 23:10    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 23:10    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 23:10    576976    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-05-02 882520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [BU]
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup    REG_MULTI_SZ       GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-06 18:10]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-01 02:45]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-01 02:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - ExtSQL: 2013-03-18 09:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-16 22:26; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-17  11:40:17
ComboFix-quarantined-files.txt  2013-05-17 18:40
.
Pre-Run: 114,083,028,992 bytes free
Post-Run: 113,864,609,792 bytes free
.
- - End Of File - - 7B136B2E78FE79C38EEC44CB1C967727
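The ComboFix log above lists autostart locations (the HKCU/HKLM `Run` keys and the R*/S* service lines) that a responder reads first when a machine is slow and every scanner reports clean. As an added example, not part of the thread and not code from ComboFix or any other tool named here, the Python below parses those two sections out of ComboFix-style text and flags the entries worth a second look: `Run` values whose image lives under a user profile (writable without admin rights), and services whose image path is missing from the log. The sample text is constructed in the same format as the log lines above; the regular expressions and the flag names are this example's own assumptions about that format.

```python
"""Triage the autostart sections of a ComboFix-style log.

Added example, not from the thread or from ComboFix. Assumed format,
mirroring the log pasted above (sample below is constructed from it):
  [HKEY_...\\CurrentVersion\\Run]            <- Run-key header
  "Name"="c:\\path\\file.exe" [YYYY-MM-DD size]
  R2 Name;Display Name;c:\\path\\file.exe [x]  <- service line
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-05-02 882520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S0 aswRvrt;aswRvrt; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
"""

RUN_HEADER = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$"
)
SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[x\]$"
)
# Image under a user profile: writable by the user, no admin rights needed.
USER_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


@dataclass
class Autostart:
    kind: str            # "run" or "service"
    origin: str          # registry hive for Run values, start type (R2, S0...) for services
    name: str
    path: str            # empty string when the log shows no image path
    date: Optional[str]  # file timestamp from the log, Run values only
    size: Optional[int]  # file size from the log, Run values only


def parse_combofix_autostarts(text: str) -> List[Autostart]:
    """Walk the log line by line; Run values belong to the most recent Run header."""
    entries: List[Autostart] = []
    current_hive: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = RUN_HEADER.match(line)
        if header:
            current_hive = header.group(1)
            continue
        if line.startswith("["):       # any other key header closes the Run block
            current_hive = None
            continue
        value = RUN_VALUE.match(line)
        if value and current_hive:
            entries.append(Autostart("run", current_hive, value["name"], value["path"],
                                     value["date"], int(value["size"])))
            continue
        svc = SERVICE.match(line)
        if svc:
            entries.append(Autostart("service", svc["start"], svc["name"],
                                     svc["path"], None, None))
    return entries


def triage(entries: List[Autostart]) -> Dict[str, List[str]]:
    """Return {name: [flags]} for entries a responder should verify by hand.

    "no-image-path" is a prompt to look, not a verdict: self-protecting AV
    drivers are commonly listed this way, so confirm against the vendor.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        if e.kind == "run" and USER_PROFILE.match(e.path):
            flags.append("user-profile-path")
        if e.kind == "service" and not e.path:
            flags.append("no-image-path")
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_combofix_autostarts(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the full log rather than the sample, the same two checks give a short list to verify (signer, hash, install date) instead of re-reading every line; a flag means "confirm this", not "infected".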
 

 



#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:08 AM

Posted 17 May 2013 - 03:17 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 17 May 2013 - 04:11 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Alfred on Fri 05/17/2013 at 13:48:58.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\kmo4j686.default\minidumps [47 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/17/2013 at 13:52:46.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 13:57:38
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Alfred - ALFRED-PC
# Boot Mode : Normal
# Running from : C:\Users\Alfred\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\kmo4j686.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S14].txt - [816 octets] - [17/05/2013 13:57:38]

########## EOF - C:\AdwCleaner[S14].txt - [876 octets] ##########
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Alfred :: ALFRED-PC [administrator]

5/17/2013 2:01:52 PM
mbam-log-2013-05-17 (14-01-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197727
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

 



#11 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 17 May 2013 - 06:26 PM

I finished the scanning with Eset but it did not provide me with a log.

 

esetscanresults.jpg



#12 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 17 May 2013 - 08:18 PM

Help? The symptoms still occur. It freezes randomly but I can still move my mouse cursor. When I open folders or anything it causes the computer to stall. I can move the mouse cursor but the cursor is stuck in a loading circle. Sometimes it can take up to 10 to 30 minutes for the computer to recover and other times it gets stuck and I have to restart my computer. I suspect it's a very advanced hidden trojan. There are times that my computer works fine for a brief moment. So it clearly is a trojan with a human user behind it.


Edited by Slayer90, 17 May 2013 - 08:19 PM.


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:08 AM

Posted 17 May 2013 - 08:56 PM

There are no signs of infection on your machine.

Please run the following:

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check



Once that is done then go to step 3 and allow it to run SFC

Capture.gif

On the Start Repairs tab => click Start

7fthj.png

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Slayer90

Slayer90
  • Topic Starter

  • Members
  • 216 posts
  • OFFLINE
  •  
  • Local time:12:08 AM

Posted 17 May 2013 - 09:14 PM

Before I use this, will Windows Repair affect my installed programs such as games? Will it affect my games such as ROMs, ISOs and emulators? Will it affect my MP3s?



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:08 AM

Posted 17 May 2013 - 09:24 PM

It shouldn't, it only looks for corrupt core files.

Make a restore point before running it.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




