
MBAR (Beta) reports Trojan.0Access; Avast, MBAM, other report clean


  • This topic is locked
3 replies to this topic

#1 willie6973


Posted 29 May 2014 - 04:40 PM

Avast says I had Java:Malware-gen [Trj] and 30+ other files that it cleaned, and it reports all OK.

However, Malwarebytes Anti-Rootkit (Beta) says three files have Trojan.0Access and five others have something else, and it offers to clean them up. I am a little reluctant to perform the cleanup using the beta MBAR. I would like additional confirmation one way or the other, especially given that MBAM reports clean (or did I miss something?).

Any suggestions on what next?

E.g., what tools should I run to determine whether or not it is infected?

Do I need to delete the items in the Avast chest, i.e., completely get rid of them?

 

 

Background

I have a two-year-old HP laptop running Win7 SP1, up to date, with automatic updates on.

Java is NOT up to date.

 

Avast Free Antivirus reported a problem and recommended a reboot to clean up. So I did, and had Avast move all problem files to the Avast chest (quarantine; see the aswBoot.txt contents listed below). Now Avast is happy and reports no threats/problems. I even rescanned C:\Users\patsy\AppData\ and no problems were found. I also ran a Windows Defender scan, which reports no problems.

 

This is my wife's computer. She mostly uses it for email, Facebook, and games (Yahoo, AARP, others?).

I wanted more checks to ensure the system is clean. I remembered this site (BleepingComputer) and wondered if you have a protocol that would give me this extra check. I looked at several recent "Am I Infected" requests. Thus I followed the instructions given by a BC Advisor in his initial response to noriar and ran Security Check, FSS, MiniToolBox, MBAM, MBAR and Rkill.

(per http://www.bleepingcomputer.com/forums/t/535503/am-i-infected/) The logs, etc. from this are also below.

 

 +—+—+—+—+—+—+—+—+—+—+—+++

Avast Free Antivirus - report of infection / cleaning, from the file aswBoot.txt

 +—+—+—+—+—+—+—+—+—+—+—+++

05/28/2014 14:01

Scan of all local drives

 

File C:\Users\patsy\AppData\Local\Temp\ZRASMI|>hw.class is infected by Java:Agent-CPL [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\ZRASMI|>chcyih.class is infected by Java:Downloader-IA [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\ZRASMI|>m.class is infected by Java:Agent-FFD [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\ZRASMI|>vcs.class is infected by Java:Agent-FFD [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache4792688697478292448.tmp|>hw.class is infected by Java:Agent-CPL [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache4792688697478292448.tmp|>chcyih.class is infected by Java:Downloader-IA [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache4792688697478292448.tmp|>m.class is infected by Java:Agent-FFD [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache4792688697478292448.tmp|>vcs.class is infected by Java:Agent-FFD [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>sUUIHppY.class is infected by Java:Downloader-HV [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>txnMWOxmYY.class is infected by Java:Agent-CON [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>upygAxPgzx.class is infected by Java:Agent-CAI [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>GtuQQLCf.class is infected by Java:CVE-2012-1723-HN [Expl], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>BWXRk.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>cbKfx.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>cCq.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>DzJEOf.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>jkByAnc.class is infected by Java:CVE-2011-3544-KJ [Expl], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>mOCiacl.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>NAOzxbCEr.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\Local\Temp\jar_cache7287742256970640269.tmp|>rQLGr.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\GXHUt.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\DfvZKMnOv.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\rVARPd.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\bZKOgFtmr.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\TxbsfmWsJ.class is infected by Java:CVE-2013-0422-HS [Expl], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\rozzt.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\3965b335-19acde9f|>wIVlR\Mgxkmlr.class is infected by Java:Agent-FIM [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\GXHUt.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\DfvZKMnOv.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\rVARPd.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\bZKOgFtmr.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\TxbsfmWsJ.class is infected by Java:CVE-2013-0422-HS [Expl], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\rozzt.class is infected by Java:Malware-gen [Trj], Moved to chest

File C:\Users\patsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\40df257b-45bd8858|>wIVlR\Mgxkmlr.class is infected by Java:Agent-FIM [Trj], Moved to chest

Number of searched folders: 36481

Number of tested files: 670540

Number of infected files: 34

 

 

+—+—+—+—+—+—+—+—+—+—+—+

Security Check, FSS, MiniToolBox, ... logs

+—+—+—+—+—+—+—+—+—+—+—+

 

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:`````````

 Java 7 Update 51  

 Java version out of Date!

 Adobe Flash Player 13.0.0.214  

 Adobe Reader XI  

 Mozilla Firefox (29.0.1) 

 Google Chrome 34.0.1847.137  

 Google Chrome 35.0.1916.114  

````````Process Check: objlist.exe by Laurent````````

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast avastui.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log``````````````````````

 

 

Farbar Service Scanner Version: 21-05-2014

Ran by admin (administrator) on 29-05-2014 at 12:10:04

Running from "C:\Users\admin\Downloads"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

MiniToolBox by Farbar  Version: 23-01-2014

Ran by admin (administrator) on 29-05-2014 at 12:20:39

Running from "C:\Users\admin\Documents\VIRUS 2014-05\tools"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ============================== 

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ============================== 

 

========================= Hosts content: =================================

 

 

 

========================= IP Configuration: ================================

 

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global icmpredirects=enabled

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : HP-notebook

   Primary Dns Suffix  . . . . . . . : 

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : gateway.2wire.net

 

Wireless LAN adapter Wireless Network Connection 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter

   Physical Address. . . . . . . . . : 60-D8-19-39-D6-9D

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

   Physical Address. . . . . . . . . : 78-E3-B5-63-22-80

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Wireless LAN adapter Wireless Network Connection:

 

   Connection-specific DNS Suffix  . : gateway.2wire.net

   Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter

   Physical Address. . . . . . . . . : 60-D8-19-39-D6-9C

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::3843:de65:b6b5:f222%11(Preferred) 

   IPv4 Address. . . . . . . . . . . : 192.168.1.80(Preferred) 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Wednesday, May 28, 2014 5:28:10 PM

   Lease Expires . . . . . . . . . . : Friday, May 30, 2014 11:17:05 AM

   Default Gateway . . . . . . . . . : 192.168.1.254

   DHCP Server . . . . . . . . . . . : 192.168.1.254

   DHCPv6 IAID . . . . . . . . . . . : 241227801

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-7A-ED-5A-60-D8-19-39-D6-9C

   DNS Servers . . . . . . . . . . . : 192.168.1.254

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Tunnel adapter isatap.gateway.2wire.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : gateway.2wire.net

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{58D8B3A1-6910-45B1-97A8-789105515D47}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:4b9:3a69:93b7:c9f8(Preferred) 

   Link-local IPv6 Address . . . . . : fe80::4b9:3a69:93b7:c9f8%13(Preferred) 

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

 

Tunnel adapter isatap.{7D39135A-DC74-40B6-AF83-DDD38439FC71}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . : 

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

Server:  homeportal

Address:  192.168.1.254

 

Name:    google.com

Addresses:  2607:f8b0:4002:c01::66

  74.125.137.102

  74.125.137.100

  74.125.137.101

  74.125.137.113

  74.125.137.139

  74.125.137.138

 

 

Pinging google.com [74.125.137.139] with 32 bytes of data:

Reply from 74.125.137.139: bytes=32 time=37ms TTL=47

Reply from 74.125.137.139: bytes=32 time=36ms TTL=47

 

Ping statistics for 74.125.137.139:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 36ms, Maximum = 37ms, Average = 36ms

Server:  homeportal

Address:  192.168.1.254

 

Name:    yahoo.com

Addresses:  206.190.36.45

  98.139.183.24

  98.138.253.109

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=120ms TTL=44

Reply from 206.190.36.45: bytes=32 time=120ms TTL=44

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 120ms, Maximum = 120ms, Average = 120ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 14...60 d8 19 39 d6 9d ......Microsoft Virtual WiFi Miniport Adapter

 12...78 e3 b5 63 22 80 ......Realtek PCIe FE Family Controller

 11...60 d8 19 39 d6 9c ......Ralink RT5390 802.11b/g/n WiFi Adapter

  1...........................Software Loopback Interface 1

 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.80     25

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link      192.168.1.80    281

     192.168.1.80  255.255.255.255         On-link      192.168.1.80    281

    192.168.1.255  255.255.255.255         On-link      192.168.1.80    281

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link      192.168.1.80    281

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link      192.168.1.80    281

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 13     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 13     58 2001::/32                On-link

 13    306 2001:0:5ef5:79fd:4b9:3a69:93b7:c9f8/128

                                    On-link

 11    281 fe80::/64                On-link

 13    306 fe80::/64                On-link

 13    306 fe80::4b9:3a69:93b7:c9f8/128

                                    On-link

 11    281 fe80::3843:de65:b6b5:f222/128

                                    On-link

  1    306 ff00::/8                 On-link

 13    306 ff00::/8                 On-link

 11    281 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/29/2014 00:19:23 PM) (Source: MsiInstaller) (User: HP-notebook)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (05/28/2014 05:28:48 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/28/2014 00:58:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7305230

 

Error: (05/28/2014 00:58:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7305230

 

Error: (05/28/2014 00:58:50 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/28/2014 10:57:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1076

 

Error: (05/28/2014 10:57:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1076

 

Error: (05/28/2014 10:57:06 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/27/2014 10:04:52 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12059

 

Error: (05/27/2014 10:04:52 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12059

 

 

System errors:

=============

Error: (05/28/2014 05:30:42 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (04/18/2014 08:15:51 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (04/15/2014 10:08:59 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (04/15/2014 07:45:05 AM) (Source: BugCheck) (User: )

Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80036ab660, 0xfffff80000b9c510)C:\Windows\Minidump\041514-22791-01.dmp041514-22791-01

 

Error: (04/15/2014 07:45:04 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 7:42:18 AM on ?4/?15/?2014 was unexpected.

 

Error: (04/15/2014 07:42:48 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

 

Error: (04/15/2014 07:42:18 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

Error: (04/15/2014 07:41:48 AM) (Source: Service Control Manager) (User: )

Description: The Multimedia Class Scheduler service failed to start due to the following error: 

%%1053

 

Error: (04/15/2014 07:41:48 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

 

Error: (04/15/2014 07:41:18 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

 

 

Microsoft Office Sessions:

=========================

 

=========================== Installed Programs ============================

 

Adobe Flash Player 13 Plugin (Version: 13.0.0.214)

Adobe Reader XI (11.0.06) (Version: 11.0.06)

Adobe Shockwave Player 12.0 (Version: 12.0.9.149)

Agatha Christie - Peril at End House (Version: 2.2.0.95)

AMD APP SDK Runtime (Version: 2.4.650.9)

AMD Fuel (Version: 2011.0705.1115.18310)

AMD Media Foundation Decoders (Version: 1.0.60705.1113)

AMD Steady Video Plug-In  (Version: 1.00.0000)

AMD VISION Engine Control Center (Version: 2011.0705.1115.18310)

Apple Application Support (Version: 3.0.1)

Apple Mobile Device Support (Version: 7.1.1.3)

Apple Software Update (Version: 2.1.3.127)

ATI Catalyst Install Manager (Version: 3.0.829.0)

avast! Free Antivirus (Version: 9.0.2013)

Bejeweled 3 (Version: 2.2.0.97)

Blackhawk Striker 2 (Version: 2.2.0.95)

Blasterball 3 (Version: 2.2.0.97)

Blio (Version: 2.2.6699)

Bonjour (Version: 3.0.0.10)

Bonjour Print Services (Version: 2.0.2.0)

Bounce Symphony (Version: 2.2.0.97)

Cake Mania (Version: 2.2.0.95)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2011.0705.1115.18310)

Catalyst Control Center InstallProxy (Version: 2011.0705.1115.18310)

Catalyst Control Center Localization All (Version: 2011.0705.1115.18310)

CCC Help Chinese Standard (Version: 2011.0705.1114.18310)

CCC Help Chinese Traditional (Version: 2011.0705.1114.18310)

CCC Help Czech (Version: 2011.0705.1114.18310)

CCC Help Danish (Version: 2011.0705.1114.18310)

CCC Help Dutch (Version: 2011.0705.1114.18310)

CCC Help English (Version: 2011.0705.1114.18310)

CCC Help Finnish (Version: 2011.0705.1114.18310)

CCC Help French (Version: 2011.0705.1114.18310)

CCC Help German (Version: 2011.0705.1114.18310)

CCC Help Greek (Version: 2011.0705.1114.18310)

CCC Help Hungarian (Version: 2011.0705.1114.18310)

CCC Help Italian (Version: 2011.0705.1114.18310)

CCC Help Japanese (Version: 2011.0705.1114.18310)

CCC Help Korean (Version: 2011.0705.1114.18310)

CCC Help Norwegian (Version: 2011.0705.1114.18310)

CCC Help Polish (Version: 2011.0705.1114.18310)

CCC Help Portuguese (Version: 2011.0705.1114.18310)

CCC Help Russian (Version: 2011.0705.1114.18310)

CCC Help Spanish (Version: 2011.0705.1114.18310)

CCC Help Swedish (Version: 2011.0705.1114.18310)

CCC Help Thai (Version: 2011.0705.1114.18310)

CCC Help Turkish (Version: 2011.0705.1114.18310)

ccc-utility64 (Version: 2011.0705.1115.18310)

Chronicles of Albian (Version: 2.2.0.95)

Chuzzle Deluxe (Version: 2.2.0.95)

Cradle of Rome 2 (Version: 2.2.0.95)

CyberLink YouCam (Version: 3.5.1.4119)

D3DX10 (Version: 15.4.2368.0902)

ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)

Evernote v. 4.2.3 (Version: 4.2.3.22)

Farm Frenzy (Version: 2.2.0.95)

FATE (Version: 2.2.0.97)

Google Chrome (Version: 35.0.1916.114)

Google Update Helper (Version: 1.3.24.7)

Governor of Poker 2 Premium Edition (Version: 2.2.0.95)

Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)

HP Auto (Version: 1.0.12935.3667)

HP Client Services (Version: 1.1.12938.3539)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Documentation (Version: 1.1.0.0)

HP Games (Version: 1.0.2.5)

HP Launch Box (Version: 1.0.11)

HP MovieStore (Version: 1.0.057)

HP MovieStore (Version: 2.0)

HP On Screen Display (Version: 1.2.2)

HP Power Manager (Version: 1.2.3)

HP Quick Launch (Version: 2.4.3)

HP QuickWeb (Version: 3.1.0.9760)

HP Setup (Version: 8.7.4751.3798)

HP Setup Manager (Version: 1.1.13476.3753)

HP Software Framework (Version: 4.1.6.1)

HP Support Assistant (Version: 6.0.5.4)

iCloud (Version: 3.1.0.40)

IDT Audio (Version: 1.0.6341.0)

iTunes (Version: 11.1.5.5)

Java 7 Update 51 (Version: 7.0.510)

Java Auto Updater (Version: 2.1.9.8)

Jewel Quest: The Sleepless Star - Collector's Edition (Version: 2.2.0.95)

Junk Mail filter update (Version: 15.4.3502.0922)

Mah Jong Medley (Version: 2.2.0.95)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.30214.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Mozilla Firefox 29.0.1 (x86 en-US) (Version: 29.0.1)

Mozilla Maintenance Service (Version: 29.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mystery of Mortlake Mansion (Version: 2.2.0.97)

Namco All-Stars: PAC-MAN (Version: 2.2.0.95)

Penguins! (Version: 2.2.0.95)

Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)

PlayReady PC Runtime x86 (Version: 1.3.0)

Poker Superstars III (Version: 2.2.0.95)

Polar Bowler (Version: 2.2.0.97)

Polar Golfer (Version: 2.2.0.95)

QuickTime 7 (Version: 7.75.80.95)

Ralink RT5390 802.11b/g/n WiFi Adapter (Version: 3.02.01.0)

Realtek Ethernet Controller Driver (Version: 7.45.516.2011)

Realtek PCIE Card Reader (Version: 6.1.7601.81)

Recovery Manager (Version: 2.0.0)

RoxioNow Player (Version: 1.9.5.103)

Shape Shifter

Slingo Supreme (Version: 2.2.0.97)

swMSM (Version: 12.0.0.1)

Synaptics TouchPad Driver (Version: 15.3.29.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands (Version: 2.2.0.97)

Virtual Villagers 5 - New Believers (Version: 2.2.0.97)

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)

Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)

WildTangent Games App (HP Games) (Version: 4.0.10.5)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Zuma Deluxe (Version: 2.2.0.95)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 44%

Total physical RAM: 3562.91 MB

Available physical RAM: 1988.39 MB

Total Pagefile: 7123.99 MB

Available Pagefile: 5430.77 MB

Total Virtual: 4095.88 MB

Available Virtual: 3969.84 MB

 

========================= Partitions: =====================================

 

1 Drive c: () (Fixed) (Total:447.21 GB) (Free:389.85 GB) NTFS

2 Drive d: (Recovery) (Fixed) (Total:14.39 GB) (Free:1.6 GB) NTFS

3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32

4 Drive f: (OFFICE12) (CDROM) (Total:0.52 GB) (Free:0 GB) UDF

 

========================= Users: ========================================

 

User accounts for \\HP-NOTEBOOK

 

admin                    Administrator            Guest                    

jim                      patsy                    

 

========================= Restore Points ==================================

 

07-05-2014 12:15:39 Windows Update

13-05-2014 12:46:19 Windows Update

15-05-2014 12:20:36 Windows Update

21-05-2014 12:56:48 Windows Update

29-05-2014 00:56:16 Scheduled Checkpoint

 

**** End of log ****

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/29/2014

Scan Time: 12:32:00 PM

Logfile: 4-MBscan.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.05.29.09

Rootkit Database: v2014.05.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: admin

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 337885

Time Elapsed: 15 min, 58 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.17107

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 1.397000 GHz

Memory total: 3735977984, free: 2016518144

 

Downloaded database version: v2014.05.29.09

Downloaded database version: v2014.05.21.01

=======================================

Initializing...

------------ Kernel report ------------

     05/29/2014 12:57:35

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\amd_sata.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\DRIVERS\amd_xata.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\System32\Drivers\aswVmm.sys

\SystemRoot\System32\Drivers\aswRvrt.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\??\C:\Windows\system32\drivers\aswSnx.sys

\??\C:\Windows\system32\drivers\aswSP.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\??\C:\Windows\system32\drivers\aswRdr2.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\drivers\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\netr28x.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\RtsPStor.sys

\SystemRoot\system32\drivers\CmBatt.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\drivers\hidusb.sys

\SystemRoot\system32\drivers\HIDCLASS.SYS

\SystemRoot\system32\drivers\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\aswStm.sys

\SystemRoot\system32\DRIVERS\WSDPrint.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80044f2060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000066\

Lower Device Object: 0xfffffa80041313f0

Lower Device Driver Name: \Driver\amd_sata\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80044f2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80044f2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80044f2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80036c0ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa80036bf460, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80041313f0, DeviceName: \Device\00000066\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 38DAC283

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 407552

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 409600  Numsec = 937871360

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 938280960  Numsec = 30169088

 

    Partition 3 type is Other (0xc)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 968450048  Numsec = 8321072

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙ --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨ --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\ --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\@ --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U --> [Trojan.0Access]

Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} --> [Trojan.0Access]

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org

 

Database version: v2014.05.29.09

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17107

admin :: HP-NOTEBOOK [administrator]

 

5/29/2014 12:57:41 PM

mbar-log-2014-05-29 (12-57-41).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 336157

Time elapsed: 21 minute(s), 2 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 7

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙ (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨ (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\ (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U (Trojan.0Access) -> No action taken.

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} (Trojan.0Access) -> No action taken.

 

Files Detected: 1

C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\@ (Trojan.0Access) -> No action taken.

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 05/29/2014 01:25:08 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity: 

 

 * No issues found.

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * No issues found.

 

Program finished at: 05/29/2014 01:27:04 PM

Execution time: 0 hours(s), 1 minute(s), and 56 seconds(s)
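The two logs above disagree for a visible reason: the MBAM Threat Scan ran with `Rootkits: Disabled`, while the MBAR scan ran with Anti-Rootkit, MBR and Physical Sectors enabled, and the objects it found are the classic ZeroAccess (Sirefef) drop layout: a GUID-named folder under `AppData\Local\Google\Desktop\Install`, symbol-named sub-folders, one component MBAR prints as empty (the `\\`), then a second GUID folder holding a file named `@` and sub-folders `U` and `L`. The three `.mbam` files the "removal queue" deleted live under Malwarebytes' own ProgramData folder and are not part of the detection list (the log reports `Physical Sectors Detected: 0`). The script below is an added example, not code from the post or from Malwarebytes: it parses the `Infected:` lines copied from the MBAR log, collapses them to one finding per drop folder, flags path components with symbol, control or blank names, and walks a directory tree for the `@`/`U`/`L` structure so the same check can be repeated on the user's profile. Function names, the `demo_lookalike_scan` helper and the no-break space used to stand in for the empty folder name are assumptions of this example.

```python
"""Triage the MBAR ZeroAccess detections shown above and hunt for the same layout on disk."""
import os
import re
import tempfile
import unicodedata
from collections import Counter
from pathlib import Path

# Constructed sample input: the eight detection lines copied from the MBAR log in the
# post, with two of the surrounding status lines kept so the parser has noise to skip.
SAMPLE_MBAR_LOG = r"""
Done!
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙ --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨ --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\ --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\@ --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\≸⋙\☠⍨\\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U --> [Trojan.0Access]
Infected: C:\Users\patsy\AppData\Local\Google\Desktop\Install\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} --> [Trojan.0Access]
Scan finished
"""

INFECTED_RE = re.compile(r"^Infected:\s+(?P<path>.+?)\s+-->\s+\[(?P<name>[^\]]+)\]\s*$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)


def parse_mbar_log(text):
    """Return (path, detection_name) for every 'Infected:' line; all other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def guid_root(path):
    """Cut a detected path back to its first GUID-named component (the drop folder)."""
    m = GUID_RE.search(path)
    return path[: m.end()] if m else path


def odd_components(path):
    """Path components that are empty, whitespace-only, or contain symbol/control characters."""
    odd = []
    for comp in path.split("\\"):
        if comp == "" or comp.isspace() or any(
            unicodedata.category(ch) in ("So", "Sm", "Cc", "Cf") for ch in comp
        ):
            odd.append(comp)
    return odd


def summarize(detections):
    """Count detections per (name, drop folder), so eight log lines become one finding."""
    return Counter((name, guid_root(path)) for path, name in detections)


def find_zeroaccess_dirs(root):
    """Walk root and return every directory holding a file '@' plus sub-folders 'U' and 'L'.

    This is the structural fingerprint from the MBAR log, so it needs no signature
    database; symbol-named parents are reported separately via odd_components().
    """
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        if "@" in filenames and "U" in dirnames and "L" in dirnames:
            found.append(Path(dirpath))
    return found


# Names for the look-alike tree. The real sample has a folder whose name MBAR prints as
# empty; a no-break space stands in for it here because an empty name cannot be created
# (assumption of this example, not something the post states).
GUID = "{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}"
BLANK_NAME = "\u00a0"


def build_lookalike_tree(base):
    """Recreate the layout from the log under base with harmless empty files; return the inner dir."""
    inner = base / GUID / "≸⋙" / "☠⍨" / BLANK_NAME / GUID
    for sub in ("U", "L"):
        (inner / sub).mkdir(parents=True, exist_ok=True)
    (inner / "@").write_bytes(b"")
    return inner


def demo_lookalike_scan():
    """Build the look-alike tree in a temp dir, scan it, and return (hits, exact match, odd names)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        inner = build_lookalike_tree(base)
        hits = find_zeroaccess_dirs(base)
        rel = str(inner.relative_to(base)).replace(os.sep, "\\")
        return len(hits), hits == [inner], odd_components(rel)


if __name__ == "__main__":
    detections = parse_mbar_log(SAMPLE_MBAR_LOG)
    for (name, root), n in summarize(detections).items():
        print(f"{name}: {n} objects under {root}")
    for path, _ in detections:
        if odd_components(path):
            print("  odd component names:", odd_components(path))
    n_hits, exact, odd = demo_lookalike_scan()
    print(f"look-alike tree: {n_hits} hit(s), exact={exact}, odd parents={odd}")
```

To repeat the check on the affected profile rather than the constructed tree, call `find_zeroaccess_dirs(Path(r"C:\Users\patsy\AppData\Local"))` from an elevated prompt; a non-empty result after Avast's clean-up confirms the on-disk component is still present, which is the confirmation the post asks for before letting a beta tool remove it.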




 


#2 noknojon

Posted 29 May 2014 - 06:45 PM

Hello -

You have picked up a nasty ZeroAccess rootkit infection, please follow the directions below -

 

Please follow the instructions in this Preparation Guide starting at Step #6.

NOTE - If you cannot complete a step, skip it and continue.

 

 Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs area - Not back here

 

They can use other tools to find the problem that we can not use in this area.

 

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts fix your problem.



#3 willie6973 (Topic Starter)

Posted 31 May 2014 - 07:03 PM

thanks

 

posted new topic - see link below - you can close this one

 

http://www.bleepingcomputer.com/forums/t/536183/trojan0access-rootkit-infection-reported-by-malwarebytes/



#4 boopme (Global Moderator)

Posted 31 May 2014 - 08:36 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



