TechSpot

[A] Another 0i763f66bz.exe Infection

By CplKerberos
Jul 13, 2012
    Hello,

    I recently noticed my computer acting rather funny and playing random music and ads even when nothing was open. I managed to catch a glimpse of an unknown file, 0i763f66bz.exe, running in my processes. After performing several attempts using Malwarebytes to remove the infection, it still dwells on my machine.

    I am frustrated and would greatly appreciate some help. Logs are as follows:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.12.08

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    The Man :: THEMAN [administrator]

    7/13/2012 1:49:48 PM
    mbam-log-2012-07-13 (13-49-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 268504
    Time elapsed: 5 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\00000001.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
    ____________________________________________________
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-13 13:59:36
    Windows 6.0.6002 Service Pack 2
    Running: gnecouhf.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\2b166bab857722d2.sys (*** hidden *** ) [BOOT] 2b166bab857722d2 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
    _____________________________________________________
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by The Man at 14:00:47 on 2012-07-13
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1673 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\DNA\btdna.exe
    C:\Users\The Man\0i763f66bz.exe
    C:\Users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conime.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: {00000000-0000-0000-0000-000000000000} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Google Update] "c:\users\the man\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [0i763f66bz] c:\users\the man\0i763f66bz.exe
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" -"http://owl.cengage.com/owl-c/quiz_e...49&Session=80&Module=48185&TsActn=12343197760"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [ATT-SST_UninstallTracking] c:\users\theman~1\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Regedit32] c:\windows\system32\regedit.exe
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: c:\users\theman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\the man\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
    Trusted Zone: motive.com\patttbc.att
    DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{C1A96CA6-645E-49A0-BC78-54D4CDC5D9FB} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\the man\appdata\roaming\mozilla\firefox\profiles\2jofzfx4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\battlelog web plugins\1.116.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\the man\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\the man\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\the man\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\the man\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2011-12-4 18432]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-27 21504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-24 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2011-12-17 2789672]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2012-5-20 11596]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-12-17 15656]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-13 721000]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-13 353688]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-13 21256]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-13 57656]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-13 44808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-30 116648]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\electronic arts\dragon age\bin_ship\daupdatersvc.service.exe [2011-2-24 25832]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-30 116648]
    S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-7-22 12032]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-4-6 33792]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-10-15 97552]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
    S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-4-11 45440]
    S3 uxldipoc;uxldipoc;c:\users\theman~1\appdata\local\temp\uxldipoc.sys [2012-7-13 100864]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-13 18:55:49 54016 ----a-w- c:\windows\system32\drivers\wlxllud.sys
    2012-07-13 18:47:23 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-13 18:47:23 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-13 18:47:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-13 18:46:23 -------- d-----w- c:\programdata\AVAST Software
    2012-07-13 18:46:23 -------- d-----w- c:\program files\AVAST Software
    2012-07-12 16:33:14 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-11 13:30:33 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-06-27 22:45:40 -------- d-----w- c:\users\the man\appdata\local\DDMSettings
    2012-06-27 22:43:20 -------- d-----w- c:\program files\common files\DivX Shared
    2012-06-27 22:33:14 -------- d-----w- c:\programdata\DivX
    2012-06-27 16:27:51 -------- d-----w- c:\program files\Guild Wars 2
    2012-06-23 01:49:37 -------- d-----w- c:\programdata\BioWare
    2012-06-23 01:49:02 -------- d-----w- c:\users\the man\appdata\local\EA Core
    2012-06-22 21:11:14 -------- d-----w- c:\program files\common files\BioWare
    2012-06-20 20:20:08 -------- d-----w- c:\program files\Dropbox
    2012-06-18 17:08:29 -------- d-----w- c:\users\the man\appdata\local\Macromedia
    2012-06-18 17:08:08 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-18 17:08:08 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    .
    ==================== Find3M ====================
    .
    2012-07-12 17:06:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 17:06:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-12 16:33:04 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-14 07:44:16 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-05-14 07:44:07 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-05-14 07:44:07 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-05-14 07:43:56 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    .
    ============= FINISH: 14:01:22.65 ===============
    ______________________________________________________________
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/7/2005 10:24:05 AM
    System Uptime: 7/13/2012 1:30:02 PM (1 hours ago)
    .
    Motherboard: ECS | | MCP61PM-GM
    Processor: AMD Phenom(tm) 9600 Quad-Core Processor | Socket AM2 | 2300/1mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 430 GiB total, 66.642 GiB free.
    D: is CDROM ()
    F: is FIXED (FAT32) - 298 GiB total, 34.335 GiB free.
    G: is FIXED (FAT32) - 56 GiB total, 11.509 GiB free.
    H: is Removable
    I: is Removable
    J: is Removable
    L: is FIXED (NTFS) - 35 GiB total, 35.409 GiB free.
    N: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Multimedia Video Controller
    Device ID: PCI\VEN_14F1&DEV_8880&SUBSYS_D4391461&REV_0F\4&30CC26D1&0&0060
    Manufacturer:
    Name: Multimedia Video Controller
    PNP Device ID: PCI\VEN_14F1&DEV_8880&SUBSYS_D4391461&REV_0F\4&30CC26D1&0&0060
    Service:
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description:
    Device ID: ROOT\HIDCLASS\0001
    Manufacturer: Wacom
    Name:
    PNP Device ID: ROOT\HIDCLASS\0001
    Service:
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description:
    Device ID: ROOT\HIDCLASS\0003
    Manufacturer: Wacom
    Name:
    PNP Device ID: ROOT\HIDCLASS\0003
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS4
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS3
    Adobe Reader 9.5.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Adventure Game Studio 3.1.2 SP1
    AIM 7
    Alien Swarm
    Alien Swarm - SDK
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Battlefield 2(TM)
    Battlefield 3™
    Battlelog Web Plugins
    BioShock 2
    BitTorrent
    Blender (remove only)
    Blender NIF Scripts (remove only)
    Bonjour
    Brawl Busters
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Camtasia Studio 7
    Canon iP6700D
    Canon ScanGear Starter
    Canon Utilities Easy-PhotoPrint
    CanoScan Toolbox Ver4.9
    CDisplay 1.8
    Cheat Engine 6.1
    Combined Community Codec Pack 2008-09-21 16:18
    Connect
    Creation Kit
    Crysis(R)
    Crystal Player Professional 1.98
    DAZ Content Management Service
    DAZ Studio 4
    Dead Space 2
    Debut Video Capture Software
    Digsby
    DivX Setup
    DNA
    Download Manager 2.3.7
    Download Updater (AOL LLC)
    Dragon Age: Origins
    DriveImage XML
    Dropbox
    DS4 Default Content
    DVD Decrypter (Remove Only)
    EA Installer
    EA Shared Game Component: Activation
    EasyBCD 1.7.2
    ESN Sonar
    Fallout 3
    Fallout 3 - The Garden of Eden Creation Kit
    FastStone Image Viewer 4.2
    ffvfw (uninstall only)
    FileZilla Client 3.3.0.1
    FLV Player 2.0 (build 25)
    Fraps (remove only)
    Freecorder 5
    FreeFixer
    Frozen Synapse
    Garry's Mod
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    GraphicsGale FreeEdition version 1.93.16
    GraphicsGale version 1.93
    Guild Wars
    Guild Wars 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ICQ6.5
    Indeo® software
    iTunes
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 22
    Java(TM) 6 Update 33
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 24
    Java(TM) SE Runtime Environment 6
    join.me
    kuler
    Livestream Procaster
    Logitech Updater
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    MotioninJoy ds3 driver version 0.6.0004
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 13.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MuckClient
    NCH Toolbox
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 295.73
    NVIDIA 3D Vision Driver 295.73
    NVIDIA Control Panel 295.73
    NVIDIA Drivers
    NVIDIA Graphics Driver 295.73
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0209
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    OEM Logo and Information
    OpenAL
    openCanvas4.5e Plus
    OpenOffice.org 3.3
    Origin
    PCSX2 - Playstation 2 Emulator
    PDF Settings CS4
    Photoshop Camera Raw
    PunkBuster Services
    PyFFI 2.1.10
    Python 2.6 PyFFI-2.1.10
    Python 2.6.6
    QuickTime
    Razer Copperhead
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.93
    Sanctum
    SecondLifeViewer (remove only)
    Security Update for CAPICOM (KB931906)
    Skulltag
    Skype™ 5.9
    SMPlayer 0.6.7
    Soft Data Fax Modem with SmartCP
    Source SDK
    Source SDK Base - Orange Box
    StarCraft II
    Steam
    Suite Shared Configuration CS4
    Synergy
    TeamSpeak 2 RC2
    TechArts 3D Custom Girl XPr1
    Terraria
    The Elder Scrolls V: Skyrim
    TightVNC 1.3.9
    Tom Clancy's Splinter Cell: Conviction
    Trillian
    Trine
    Trine 2
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client
    Ventrilo Server
    VLC media player 1.1.10
    VTFEdit 1.2.5
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinPcap 4.0
    WinRAR archiver
    WM Recorder 11.2
    Wolfenstein(TM) 1.1 Patch
    Xilisoft Video Converter Ultimate
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 10:44:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E900B7BE9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/13/2012 8:49:27 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
    7/13/2012 8:46:25 AM, Error: Service Control Manager [7034] - The DAZ Content Management Service service terminated unexpectedly. It has done this 1 time(s).
    7/13/2012 1:56:32 PM, Error: Service Control Manager [7000] - The uxldipoc service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:49:42 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswSP service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswSnx service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
    7/13/2012 1:33:13 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    7/13/2012 1:32:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kohvmykv sptd svbfory
    7/13/2012 1:32:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/13/2012 1:32:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/13/2012 1:32:02 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/13/2012 1:13:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/13/2012 1:13:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC kohvmykv NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd svbfory tdx Wanarpv6
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    7/13/2012 1:12:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/13/2012 1:12:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/11/2012 8:32:05 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/11/2012 8:32:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kohvmykv svbfory
    7/11/2012 8:32:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    7/11/2012 8:32:05 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • Notepad opens. Under the File menu select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
     
  3. CplKerberos

    CplKerberos TS Rookie Topic Starter

    I followed your instructions to the letter. Everything ran just fine and the computer restarted into Windows Vista normally. I verified that the log for FRST was created successfully, and it was. I shut down my machine and came back later to discover that my old dual boot of Windows XP came back to bite me. The OS was removed from my machine and never caused an issue up until this point, but upon starting my machine I was greeted with a brief flash showing "invalid boot.ini". Obviously this has caused me some concern and has prevented me from starting the machine normally.

    Regardless, here is the log file from FRST:

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 13-07-2012
    Ran by SYSTEM at 14-07-2012 01:24:17
    Running from H:\
    Windows Vista (TM) Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet004

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [x]
    HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM\...\Run: [ATT-SST_UninstallTracking] C:\Users\THEMAN~1\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST [x]
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
    HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
    HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
    HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKU\The Man\...\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
    HKU\The Man\...\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-05-14] (IGN Entertainment)
    HKU\The Man\...\Run: [Google Update] "C:\Users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-20] (Google Inc.)
    HKU\The Man\...\Run: [0i763f66bz] C:\Users\The Man\0i763f66bz.exe [38400 2012-07-09] (DeLOCK)
    Startup: C:\Users\The Man\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ================================ Services (Whitelisted) ==================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    3 DAUpdaterSvc; C:\Program Files\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-02-23] (BioWare)
    2 DAZContentManagementService; "C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe" [18432 2011-05-05] ()
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.)
    2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-09] (NVIDIA Corporation)
    2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-02-29] ()
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
    2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-09] (NVIDIA Corporation)
    2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2789672 2009-03-26] (Wacom Technology, Corp.)
    2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
    2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    0 2b166bab857722d2; C:\Windows\System32\Drivers\2b166bab857722d2.sys [69968 2012-07-11] ()
    3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2002-11-14] (2Wire, Inc.)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
    3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
    3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-06] ()
    3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
    3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy)
    3 NPF; C:\Windows\System32\drivers\npf.sys [42000 2007-01-25] (CACE Technologies)
    3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-08-17] (Duplex Secure Ltd.)
    3 TarFltr; C:\Windows\System32\Drivers\UsbFltr.sys [45440 2007-04-11] (Razer USA Ltd.)
    3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
    3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    0 kohvmykv; C:\Windows\System32\drivers\xdjdc.sys [x]
    3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam.sys [x]
    3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
    0 svbfory; C:\Windows\System32\drivers\jnfctl.sys [x]
    3 XDva394; \??\C:\Windows\system32\XDva394.sys [x]
    3 XPADFL02; C:\Windows\System32\DRIVERS\xpadfl02.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-14 00:59 - 2012-07-14 00:59 - 00000000 ____D C:\FRST
    2012-07-13 21:40 - 2012-07-13 21:40 - 00890970 ____A (Farbar) C:\Users\The Man\Desktop\FRST.exe
    2012-07-13 11:05 - 2012-07-13 11:05 - 00016628 ____A C:\Users\The Man\Desktop\Attach.txt
    2012-07-13 11:02 - 2012-07-13 11:02 - 00017311 ____A C:\Users\The Man\Desktop\DDS.txt
    2012-07-13 10:59 - 2012-07-13 10:59 - 00000332 ____A C:\Users\The Man\Desktop\GMer.log
    2012-07-13 10:53 - 2012-07-13 10:53 - 00607260 ___RA (Swearware) C:\Users\The Man\Desktop\dds.scr
    2012-07-13 10:51 - 2012-07-13 10:52 - 35691608 ____A (COMODO) C:\Users\The Man\Desktop\cispremium_installer_x86.exe
    2012-07-13 10:47 - 2012-07-13 10:47 - 00302592 ____A C:\Users\The Man\Desktop\gnecouhf.exe
    2012-07-13 10:47 - 2012-07-13 10:47 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-13 10:47 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-13 10:47 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-13 10:47 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-13 10:47 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-13 10:47 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-13 10:47 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-13 10:47 - 2012-07-03 08:21 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-13 10:47 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-13 10:46 - 2012-07-13 10:46 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-07-13 10:46 - 2012-07-13 10:46 - 00000000 ____D C:\Program Files\AVAST Software
    2012-07-13 10:42 - 2012-07-13 10:43 - 89340632 ____A C:\Users\The Man\Desktop\avast_free_antivirus_setup.exe
    2012-07-12 08:33 - 2012-07-12 08:33 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-07-12 08:31 - 2012-07-12 08:31 - 00000000 ____D C:\Users\All Users\McAfee
    2012-07-11 09:23 - 2012-07-11 09:23 - 00069968 ____A C:\Windows\System32\Drivers\2b166bab857722d2.sys
    2012-07-11 05:30 - 2012-07-11 05:30 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
    2012-07-09 18:24 - 2012-07-09 18:24 - 00038400 ____A (DeLOCK) C:\Users\The Man\0i763f66bz.exe
    2012-06-30 14:42 - 2012-06-30 14:42 - 00002073 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-06-30 14:41 - 2012-07-13 22:03 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-30 14:41 - 2012-07-13 21:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-27 14:45 - 2012-06-27 14:45 - 00000000 ____D C:\Users\The Man\AppData\Local\DDMSettings
    2012-06-27 14:43 - 2012-06-27 14:43 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
    2012-06-27 14:33 - 2012-06-27 14:45 - 00000000 ____D C:\Users\All Users\DivX
    2012-06-27 14:33 - 2012-06-27 14:33 - 00933256 ____A (DivX, LLC) C:\Users\The Man\Downloads\DivXWebPlayerInstaller.exe
    2012-06-27 08:27 - 2012-06-27 10:26 - 00000000 ____D C:\Program Files\Guild Wars 2
    2012-06-27 08:27 - 2012-06-27 08:27 - 00000741 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
    2012-06-22 17:49 - 2012-06-22 17:49 - 00000000 ____D C:\Users\The Man\AppData\Local\EA Core
    2012-06-22 17:49 - 2012-06-22 17:49 - 00000000 ____D C:\Users\All Users\BioWare
    2012-06-22 17:47 - 2012-06-22 17:47 - 00000000 ____D C:\Users\The Man\Documents\BioWare
    2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2012-06-22 13:11 - 2012-06-22 13:11 - 00000000 ____D C:\Program Files\Common Files\BioWare
    2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Program Files\Dropbox
    2012-06-18 09:08 - 2012-06-18 09:08 - 00000000 ____D C:\Users\The Man\AppData\Local\Macromedia
    2012-06-18 09:02 - 2012-07-13 22:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    ============ 3 Months Modified Files ========================

    2012-07-13 22:19 - 2006-11-02 05:00 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-13 22:19 - 2006-11-02 05:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-13 22:19 - 2006-11-02 04:46 - 00006896 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-13 22:19 - 2006-11-02 04:46 - 00006896 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-13 22:16 - 2010-01-20 07:38 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
    2012-07-13 22:16 - 2008-06-19 09:53 - 00224256 ____A C:\Users\The Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-13 22:14 - 2008-07-08 18:52 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
    2012-07-13 22:10 - 2006-11-02 02:33 - 00774818 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-13 22:06 - 2012-06-18 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-13 22:03 - 2012-06-30 14:41 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-13 22:02 - 2006-11-02 04:59 - 00271720 ____A C:\Windows\PFRO.log
    2012-07-13 21:51 - 2012-06-30 14:41 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-13 21:40 - 2012-07-13 21:40 - 00890970 ____A (Farbar) C:\Users\The Man\Desktop\FRST.exe
    2012-07-13 20:16 - 2010-01-20 07:38 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
    2012-07-13 11:57 - 2011-11-04 09:35 - 00002377 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-07-13 11:05 - 2012-07-13 11:05 - 00016628 ____A C:\Users\The Man\Desktop\Attach.txt
    2012-07-13 11:02 - 2012-07-13 11:02 - 00017311 ____A C:\Users\The Man\Desktop\DDS.txt
    2012-07-13 10:59 - 2012-07-13 10:59 - 00000332 ____A C:\Users\The Man\Desktop\GMer.log
    2012-07-13 10:53 - 2012-07-13 10:53 - 00607260 ___RA (Swearware) C:\Users\The Man\Desktop\dds.scr
    2012-07-13 10:52 - 2012-07-13 10:51 - 35691608 ____A (COMODO) C:\Users\The Man\Desktop\cispremium_installer_x86.exe
    2012-07-13 10:47 - 2012-07-13 10:47 - 00302592 ____A C:\Users\The Man\Desktop\gnecouhf.exe
    2012-07-13 10:47 - 2012-07-13 10:47 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-13 10:47 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
    2012-07-13 10:43 - 2012-07-13 10:42 - 89340632 ____A C:\Users\The Man\Desktop\avast_free_antivirus_setup.exe
    2012-07-12 09:06 - 2012-04-06 08:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-12 09:06 - 2011-05-26 09:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-12 08:33 - 2012-07-12 08:33 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-07-12 08:33 - 2012-02-25 12:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-07-12 08:33 - 2012-02-25 12:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-07-12 08:33 - 2012-02-25 12:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-07-12 08:33 - 2010-09-11 10:57 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-07-11 16:18 - 2010-01-20 07:39 - 00002052 ____A C:\Users\The Man\Desktop\Google Chrome.lnk
    2012-07-11 09:23 - 2012-07-11 09:23 - 00069968 ____A C:\Windows\System32\Drivers\2b166bab857722d2.sys
    2012-07-09 18:25 - 2006-11-02 04:51 - 01313072 ____A C:\Windows\WindowsUpdate.log
    2012-07-09 18:24 - 2012-07-09 18:24 - 00038400 ____A (DeLOCK) C:\Users\The Man\0i763f66bz.exe
    2012-07-03 10:46 - 2009-12-03 04:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-07-13 10:47 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-03 08:21 - 2012-07-13 10:47 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-03 08:21 - 2012-07-13 10:47 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-06-30 14:42 - 2012-06-30 14:42 - 00002073 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-06-29 18:11 - 2009-01-29 20:10 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
    2012-06-27 14:33 - 2012-06-27 14:33 - 00933256 ____A (DivX, LLC) C:\Users\The Man\Downloads\DivXWebPlayerInstaller.exe
    2012-06-27 08:27 - 2012-06-27 08:27 - 00000741 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
    2012-06-22 13:11 - 2008-07-03 18:50 - 00510438 ____A C:\Windows\DirectX.log
    2012-06-20 12:19 - 2011-12-29 12:31 - 00000925 ____A C:\Users\The Man\Desktop\Dropbox.lnk
    2012-05-26 17:22 - 2006-11-02 04:46 - 02366720 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-22 17:23 - 2008-06-18 20:04 - 00059088 ____A C:\Users\The Man\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-20 20:00 - 2008-07-22 14:54 - 00045962 ____A C:\Windows\DPINST.LOG
    2012-05-19 12:55 - 2011-05-03 22:18 - 00035559 ____A C:\Windows\setupact.log
    2012-05-19 12:52 - 2006-11-02 02:22 - 44564480 ____A C:\Windows\System32\config\components_previous
    2012-05-19 12:52 - 2006-11-02 02:22 - 39321600 ____A C:\Windows\System32\config\software_previous
    2012-05-19 12:52 - 2006-11-02 02:22 - 35913728 ____A C:\Windows\System32\config\system_previous
    2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
    2012-05-13 23:44 - 2009-04-30 17:47 - 00283304 ____A C:\Windows\System32\PnkBstrB.xtr
    2012-05-13 23:44 - 2008-06-19 20:48 - 00140800 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
    2012-05-13 23:44 - 2008-06-19 20:46 - 00283304 ____A C:\Windows\System32\PnkBstrB.exe
    2012-05-13 23:43 - 2008-06-19 20:46 - 00280904 ____A C:\Windows\System32\PnkBstrB.ex0
    2012-05-12 18:28 - 2012-03-17 10:58 - 00000895 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
    2012-05-12 17:30 - 2010-07-23 06:09 - 00108772 ___AH C:\Windows\System32\mlfcache.dat
    2012-05-03 16:23 - 2012-05-03 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01005.Wdf
    2012-04-27 09:48 - 2010-06-22 08:38 - 00001830 ____A C:\Users\The Man\AppData\Roaming\ImperatorProfile0.dat


    ZeroAccess:
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\@
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\L
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\00000001.@
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\80000000.@
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\800000cb.@

    ZeroAccess:
    C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}
    C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\@
    C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\L
    C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 16%
    Total physical RAM: 3069.88 MB
    Available physical RAM: 2577.72 MB
    Total Pagefile: 2826.52 MB
    Available Pagefile: 2660.29 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1990.35 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:430.26 GB) (Free:72.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:35.5 GB) (Free:35.41 GB) NTFS
    3 Drive e: (VISTA_32_ULTIMATE) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF
    4 Drive f: (My Book) (Fixed) (Total:298.02 GB) (Free:27.9 GB) FAT32
    5 Drive g: (FIRELITE) (Fixed) (Total:55.91 GB) (Free:11.51 GB) FAT32
    6 Drive h: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ###  Status      Size     Free     Dyn  Gpt
    --------  ----------  -------  -------  ---  ---
    Disk 0    Online      466 GB   1017 KB
    Disk 1    Online      298 GB   1528 KB
    Disk 2    Online      56 GB    6190 KB
    Disk 3    Online      1937 MB  0 B
    Disk 4    No Media    0 B      0 B
    Disk 5    No Media    0 B      0 B
    Disk 6    No Media    0 B      0 B
    Disk 7    No Media    0 B      0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           430 GB   1024 KB
    Partition 2    Primary           35 GB    430 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 430 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 D NTFS Partition 35 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 32 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 F My Book FAT32 Partition 298 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 56 GB 32 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 G FIRELITE FAT32 Partition 56 GB Healthy

    ==================================================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1933 MB 4032 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 H FAT Removable 1933 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-13 22:09

    ======================= End Of Log ==========================
     
  4. CplKerberos

    CplKerberos TS Rookie Topic Starter

    Sorry for the double post, but I managed to rebuild my boot loader and got the machine to load correctly. If you require any new logs because of this, let me know. Thanks.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  6. CplKerberos

    CplKerberos TS Rookie Topic Starter

    Here is the requested log:

    Farbar Recovery Scan Tool Version: 13-07-2012
    Ran by SYSTEM at 2012-07-15 12:40:23
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2011-10-27 09:49] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

    C:\Windows\System32\services.exe
    [2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

    === End Of Search ===
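    The search output above is what makes the ZeroAccess patch visible: the live C:\Windows\System32\services.exe has the same size and timestamps as the 6.0.6002.18005 copy in WinSxS but a different MD5, and the fix later in this thread copies that WinSxS file back over it. The Python script below is an added example (it is not code from the thread, from Farbar or from FRST) that automates that comparison on the text of Search.txt: it parses the entries, flags any live copy whose hash matches none of the component-store copies, and picks the component-store copy with the same size and timestamps as the restore source. The log text is embedded as a constructed sample taken from the post above; the function names and the regular expressions are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the FRST "Search: services.exe" output as posted in this
# thread, embedded so the script runs offline. On a real machine you would read the
# Search.txt that FRST writes to the flash drive instead.
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-10-27 09:49] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# A path line starts with a drive letter; the detail line that follows it carries
# two bracketed timestamps, the size, attribute flags, the company and the MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^(?P<dates>\[[^\]]+\] - \[[^\]]+\]) - (?P<size>\d+) \S+ "
    r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    dates: str      # both bracketed timestamps, kept verbatim for comparison
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        # Copies under WinSxS are Windows' own component store; ZeroAccess patches the
        # live copy in System32 and leaves these untouched, so they serve as a reference.
        return "\\winsxs\\" in self.path.lower()


def parse_frst_search(text: str) -> List[FileEntry]:
    """Turn FRST search output (path line followed by a detail line) into FileEntry objects."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[FileEntry] = []
    for path, detail in zip(lines, lines[1:]):
        if not PATH_RE.match(path):
            continue
        m = DETAIL_RE.match(detail)
        if m is None:
            continue
        entries.append(FileEntry(path=path, dates=m["dates"], size=int(m["size"]),
                                 company=m["company"], md5=m["md5"].upper()))
    return entries


def find_suspect_copies(entries: List[FileEntry]) -> List[FileEntry]:
    """Live copies (outside WinSxS) whose MD5 matches no component-store copy at all."""
    store_hashes = {e.md5 for e in entries if e.in_component_store}
    return [e for e in entries if not e.in_component_store and e.md5 not in store_hashes]


def suggest_replacement(suspect: FileEntry, entries: List[FileEntry]) -> Optional[FileEntry]:
    """Pick the component-store copy with the suspect's size and timestamps.

    A patched binary keeps the original's metadata, so the WinSxS copy that agrees on
    size and both dates but not on hash is the version the live file was built from.
    """
    for e in entries:
        if e is suspect or not e.in_component_store:
            continue
        if e.size == suspect.size and e.dates == suspect.dates and e.md5 != suspect.md5:
            return e
    return None


if __name__ == "__main__":
    found = parse_frst_search(SAMPLE_SEARCH_LOG)
    for bad in find_suspect_copies(found):
        fix = suggest_replacement(bad, found)
        print(f"SUSPECT {bad.path} md5={bad.md5}")
        print(f"  restore from: {fix.path if fix else 'no matching component-store copy'}")
```

    Run on the sample, the script flags only the System32 copy and names the 6.0.6002.18005 WinSxS file as the restore source, which is exactly the copy the FRST fix in this thread reinstated. The 6.0.6000.16386 copy has the same size but different dates, so it is correctly passed over; matching on hash alone would have missed that distinction.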
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  8. CplKerberos

    CplKerberos TS Rookie Topic Starter

    Here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 13-07-2012
    Ran by SYSTEM at 2012-07-15 17:32:14 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
    2b166bab857722d2 service deleted successfully.
    kohvmykv service deleted successfully.
    svbfory service deleted successfully.
    C:\Windows\System32\Drivers\2b166bab857722d2.sys moved successfully.
    C:\Users\The Man\0i763f66bz.exe moved successfully.
    C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584} moved successfully.
    C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    And the Combofix log:

    ComboFix 12-07-14.01 - The Man 07/15/2012 17:40:50.1.4 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.2015 [GMT -5:00]
    Running from: c:\users\The Man\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\desktop.ini
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\programdata\D81EDBF9-D167-4011-B77D-211DF920EB80
    c:\users\The Man\0i763f66bz.exe
    c:\users\The Man\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
    c:\users\The Man\D20284-001-001.exe
    c:\users\The Man\D20286-001-001.exe
    c:\windows\iun6002.exe
    c:\windows\TEMP\logishrd\LVPrcInj11.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-15 22:51 . 2012-07-16 01:54 -------- d-----w- c:\users\The Man\AppData\Local\temp
    2012-07-15 22:51 . 2012-07-15 22:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-15 22:51 . 2012-07-15 22:51 -------- d-----w- c:\users\UpdatusUser.TheMan\AppData\Local\temp
    2012-07-14 08:59 . 2012-07-14 08:59 -------- d-----w- C:\FRST
    2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\programdata\AVAST Software
    2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\program files\AVAST Software
    2012-07-12 16:33 . 2012-07-12 16:33 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-12 16:31 . 2012-07-12 16:31 -------- d-----w- c:\programdata\McAfee
    2012-07-11 13:30 . 2012-07-11 13:30 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-06-27 22:45 . 2012-06-27 22:45 -------- d-----w- c:\users\The Man\AppData\Local\DDMSettings
    2012-06-27 22:43 . 2012-06-27 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-06-27 22:33 . 2012-06-27 22:45 -------- d-----w- c:\programdata\DivX
    2012-06-27 16:27 . 2012-06-27 18:26 -------- d-----w- c:\program files\Guild Wars 2
    2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\programdata\BioWare
    2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\The Man\AppData\Local\EA Core
    2012-06-22 21:12 . 2012-06-22 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2012-06-22 21:11 . 2012-06-22 21:11 -------- d-----w- c:\program files\Common Files\BioWare
    2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Dropbox
    2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\users\The Man\AppData\Local\Macromedia
    2012-06-18 17:08 . 2012-06-18 17:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-18 17:08 . 2012-06-18 17:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 17:06 . 2012-04-06 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-12 17:06 . 2011-05-26 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 16:33 . 2010-09-11 18:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 18:46 . 2009-12-03 12:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-14 07:44 . 2008-06-20 04:48 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-05-14 07:44 . 2009-05-01 01:47 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-05-14 07:44 . 2008-06-20 04:46 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-05-14 07:43 . 2008-06-20 04:46 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-06-18 17:08 . 2011-05-11 07:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    c:\users\The Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-20 15:38 135664 ----atw- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:06]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
    .
    2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
    - c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
    .
    2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
    - c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
    .
    2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-28 16:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: motive.com\patttbc.att
    DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
    FF - ProfilePath - c:\users\The Man\AppData\Roaming\Mozilla\Firefox\Profiles\2jofzfx4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    HKCU-Run-0i763f66bz - c:\users\The Man\0i763f66bz.exe
    HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
    MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
    AddRemove-pcsx2-r4600 - c:\users\The Man\Desktop\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-15 20:53
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini 163994 bytes
    c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\div286B.tmp 31762 bytes
    c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\div71DA.tmp 174672 bytes
    c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\divB179.tmp 31762 bytes
    c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\divC93E.tmp 163840 bytes
    .
    scan completed successfully
    hidden files: 5
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d7,7c,31,c9,1a,d1,82,ff,06,94,5c,54,cc,e7,19,69,85,d4,f8,0f,ef,2c,29,
    25,50,07,a8,50,aa,2e,be,46,5e,3f,d1,6d,27,6a,db,f0,4a,0a,cb,0c,3b,d3,88,c2,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8e,a6,45,00,d3,74,a2,fe,fb,63,69,10,e4,57,55,eb,45,a3,1f,ec,25,
    33,6d,ef,ec,65,c0,0a,db,b2,fd,86,7a,be,ea,f1,34,b7,40,a6,a5,0d,dc,21,43,9c,\
    "rkeysecu"=hex:88,1c,58,f1,ab,9a,68,61,be,7e,a8,1d,53,9f,e2,d8
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5748)
    c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    c:\program files\LogMeIn Hamachi\hamachi-2.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\Wacom_Tablet.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\windows\system32\Wacom_Tablet.exe
    c:\windows\system32\conime.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\SLUI.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-15 20:59:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-16 01:59
    .
    Pre-Run: 95,599,288,320 bytes free
    Post-Run: 90,580,860,928 bytes free
    .
    - - End Of File - - 86892071B668B68F771E997594940FF2
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini 
    
    Folder::
    c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. CplKerberos

    CplKerberos TS Rookie Topic Starter

    Here's the latest log from ComboFix:

    ComboFix 12-07-16.01 - The Man 07/17/2012 5:05.2.4 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1663 [GMT -5:00]
    Running from: c:\users\The Man\Desktop\ComboFix.exe
    Command switches used :: c:\users\The Man\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\erdnt\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-17 10:16 . 2012-07-17 10:20 -------- d-----w- c:\users\The Man\AppData\Local\temp
    2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\UpdatusUser.TheMan\AppData\Local\temp
    2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-17 09:55 . 2012-07-17 09:57 -------- d-----w- C:\DayZ-1.7.2.3
    2012-07-14 08:59 . 2012-07-14 08:59 -------- d-----w- C:\FRST
    2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\programdata\AVAST Software
    2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\program files\AVAST Software
    2012-07-12 16:33 . 2012-07-12 16:33 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-12 16:31 . 2012-07-12 16:31 -------- d-----w- c:\programdata\McAfee
    2012-07-11 13:30 . 2012-07-11 13:30 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-06-27 22:45 . 2012-06-27 22:45 -------- d-----w- c:\users\The Man\AppData\Local\DDMSettings
    2012-06-27 22:43 . 2012-06-27 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-06-27 22:33 . 2012-06-27 22:45 -------- d-----w- c:\programdata\DivX
    2012-06-27 16:27 . 2012-06-27 18:26 -------- d-----w- c:\program files\Guild Wars 2
    2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\programdata\BioWare
    2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\The Man\AppData\Local\EA Core
    2012-06-22 21:12 . 2012-06-22 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2012-06-22 21:11 . 2012-06-22 21:11 -------- d-----w- c:\program files\Common Files\BioWare
    2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Dropbox
    2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\users\The Man\AppData\Local\Macromedia
    2012-06-18 17:08 . 2012-06-18 17:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-18 17:08 . 2012-06-18 17:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 17:06 . 2012-04-06 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-12 17:06 . 2011-05-26 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 16:33 . 2010-09-11 18:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-03 18:46 . 2009-12-03 12:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-14 07:44 . 2008-06-20 04:48 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2012-05-14 07:44 . 2009-05-01 01:47 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2012-05-14 07:44 . 2008-06-20 04:46 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-05-14 07:43 . 2008-06-20 04:46 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-06-18 17:08 . 2011-05-11 07:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    c:\users\The Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-20 15:38 135664 ----atw- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:06]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
    - c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
    - c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
    .
    2012-07-17 c:\windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-28 16:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: motive.com\patttbc.att
    DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
    FF - ProfilePath - c:\users\The Man\AppData\Roaming\Mozilla\Firefox\Profiles\2jofzfx4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:d7,7c,31,c9,1a,d1,82,ff,06,94,5c,54,cc,e7,19,69,85,d4,f8,0f,ef,2c,29,
    25,50,07,a8,50,aa,2e,be,46,5e,3f,d1,6d,27,6a,db,f0,4a,0a,cb,0c,3b,d3,88,c2,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\License information*]
    "datasecu"=hex:8e,a6,45,00,d3,74,a2,fe,fb,63,69,10,e4,57,55,eb,45,a3,1f,ec,25,
    33,6d,ef,ec,65,c0,0a,db,b2,fd,86,7a,be,ea,f1,34,b7,40,a6,a5,0d,dc,21,43,9c,\
    "rkeysecu"=hex:88,1c,58,f1,ab,9a,68,61,be,7e,a8,1d,53,9f,e2,d8
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3576)
    c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
    c:\program files\LogMeIn Hamachi\hamachi-2.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\Wacom_Tablet.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\WTablet\Wacom_TabletUser.exe
    c:\windows\system32\Wacom_Tablet.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\windows\system32\conime.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Razer\Copperhead\razerofa.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-17 05:27:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-17 10:27
    ComboFix2.txt 2012-07-16 01:59
    .
    Pre-Run: 81,862,213,632 bytes free
    Post-Run: 81,971,892,224 bytes free
    .
    - - End Of File - - F36BC584D43626B684C4DD897B36E9E4
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Any current issues?

    =====================================

    I can see some traces of Avast but I don't see it running.
    If you uninstalled it please reinstall it.

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.