TechSpot

Virus infecting svchost

Solved
By Cal_74
Feb 2, 2013
  1. I have a trojan which seems to have attacked svchost.exe. I have BitDefender Internet Security 2010 installed and he reports the following infected file:
    Infected: <System>=>c:\windows\syswow64\svchost.exe *32 [2044] (memory dump)=>(Embedded EXE r)
    Infected: <System>=>c:\windows\syswow64\svchost.exe *32 [2044] (full dump)=>(Embedded EXE r)

    Since BitDefender seems unable to delete it/quarantine it, any idea how I should proceed?

    Thank you for your help.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.02.02.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Calimero :: ASUS_CAL [administrator]
    Protection: Enabled
    3/02/2013 00:24:27
    mbam-log-2013-02-03 (00-24-27).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 265944
    Time elapsed: 7 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{D299E061-2555-5CDA-F225-A02F88A19E84} (Trojan.ZbotR.Gen) -> Data: C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
    (end)
     
  4. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Calimero at 0:43:01 on 2013-02-03
    Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.6068.4680 [GMT 1:00]
    .
    AV: BitDefender Antivirus *Enabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: BitDefender Antispyware *Enabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
    FW: BitDefender Firewall *Enabled* {A0115F06-6D34-063E-1C9A-77345A574EF5}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    mStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    TB: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
    uRun: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
    uRun: [{D299E061-2555-5CDA-F225-A02F88A19E84}] C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe
    mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\Calimero\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ALERTE~1.LNK - C:\Windows\System32\RunDll32.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2ACCF41E-0369-4C73-8D8E-989C8CFF5C66} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-TB: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} -
    x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [BitDefender Antiphishing Helper 32] "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe"
    x64-Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    x64-Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Calimero\AppData\Roaming\Mozilla\Firefox\Profiles\7bcnnfzp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Calimero\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-10-12 55440]
    R0 oodrvled;oodrvled;C:\Windows\System32\drivers\OODrvled.sys [2011-3-2 30800]
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Windows\System32\drivers\BdfNdisf6.sys [2009-10-19 88144]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-9-24 229376]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-9-24 69120]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-4 56344]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-21 76912]
    S1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-1-4 89680]
    S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-4 379520]
    S2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-1-19 103944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2011-10-12 73392]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-3 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-3 682344]
    S2 MSMQSVC;Message Queuing Service;C:\Windows\System32\mqsv32.exe --> C:\Windows\System32\mqsv32.exe [?]
    S2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-3-28 3288400]
    S2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2011-8-8 439632]
    S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-4 2314240]
    S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224]
    S3 BDFM;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-1-29 163936]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-12-14 53800]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-4 79360]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-31 1038088]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-3 24176]
    S3 PSSDK42;PSSDK42;C:\Windows\System32\drivers\pssdk42.sys [2011-6-18 53312]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2010-11-4 318056]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-16 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
    S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-15 1255736]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-02-02 23:22:24 -------- d-----w- C:\Users\Calimero\AppData\Roaming\Malwarebytes
    2013-02-02 23:22:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-02 23:22:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-02-02 23:22:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-02 22:12:03 -------- d-----w- C:\Users\Calimero\AppData\Roaming\tor
    2013-02-02 22:12:03 -------- d-----w- C:\Users\Calimero\AppData\Roaming\Puaquh
    2013-02-02 22:12:03 -------- d-----w- C:\Users\Calimero\AppData\Roaming\Odtoy
    2013-02-01 21:06:25 -------- d-----w- C:\Users\Calimero\AppData\Local\GameMaker8.1
    2013-02-01 21:06:21 -------- d-----w- C:\Users\Calimero\AppData\Local\YoYo_Games_Ltd
    2013-02-01 21:05:42 -------- d-----w- C:\Users\Calimero\AppData\Roaming\GameMaker
    2013-02-01 20:02:25 -------- d-----w- C:\Users\Calimero\AppData\Local\PreEmptive Solutions
    2013-02-01 17:51:02 -------- d-----w- C:\Users\Calimero\AppData\Local\CrashDumps
    2013-01-28 18:44:16 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-26 21:08:54 -------- d-----w- C:\Users\Calimero\AppData\Roaming\Elephant Games
    2013-01-26 21:08:54 -------- d-----w- C:\ProgramData\Elephant Games
    2013-01-24 20:59:29 741480 ------w- C:\Windows\System32\HPDiscoPMa211.dll
    2013-01-24 20:59:10 -------- d-----w- C:\Program Files\HP
    2013-01-13 20:49:45 -------- d-----w- C:\Users\Calimero\AppData\Roaming\digipen
    2013-01-13 20:49:45 -------- d-----w- C:\Users\Calimero\AppData\Local\digipen
    2013-01-13 14:13:28 -------- d-----w- C:\Users\Calimero\AppData\Local\DigitalVolcano
    2013-01-13 13:42:12 -------- d-----w- C:\Program Files (x86)\Duplicate Cleaner
    2013-01-12 13:40:03 -------- d-----w- C:\Users\Calimero\AppData\Roaming\Zoner
    2013-01-12 13:40:03 -------- d-----w- C:\Users\Calimero\AppData\Local\Zoner
    2013-01-12 13:37:35 -------- d-----w- C:\ProgramData\Zoner
    2013-01-12 13:37:14 -------- d-----w- C:\Program Files\Zoner
    2013-01-10 21:03:53 -------- d-----w- C:\Program Files (x86)\Alawar
    2013-01-09 05:47:48 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 05:45:33 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 05:45:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-07 21:20:55 -------- d-----w- C:\Users\Calimero\AppData\Roaming\SolEol
    .
    ==================== Find3M ====================
    .
    2013-02-02 23:38:31 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2013-01-10 19:21:46 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 19:21:46 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-19 21:08:32 859072 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-12-19 21:08:32 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-01 14:21:29 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-12-01 14:21:29 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-01 12:24:02 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-12-01 12:22:20 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 10:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
    .
    ============= FINISH: 0:43:37,59 ===============
     
  5. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Édition Familiale Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/01/2011 15:54:04
    System Uptime: 3/02/2013 00:40:30 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G73Jw
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1729/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 45,637 GiB free.
    D: is FIXED (NTFS) - 328 GiB total, 86,388 GiB free.
    E: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR9285 Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\001517FFFF24141200
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR9285 Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_002B&SUBSYS_10891A3B&REV_01\001517FFFF24141200
    Service: athr
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB2.0 UVC 2M WebCam
    Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
    Manufacturer: Azureware
    Name: USB2.0 UVC 2M WebCam
    PNP Device ID: USB\VID_13D3&PID_5122&MI_00\7&458BFA4&0&0000
    Service: SNP2UVC
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: Generic Bluetooth Adapter
    Device ID: USB\VID_0B05&PID_1788\74F06DB2A6D0
    Manufacturer: GenericAdapter
    Name: Generic Bluetooth Adapter
    PNP Device ID: USB\VID_0B05&PID_1788\74F06DB2A6D0
    Service: BTHUSB
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AC3Filter 1.62b
    Acrobat.com
    Activision(R)
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Anchor Service x64 CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CMaps x64 CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Design Premium
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4 x64
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Adobe Fonts All x64
    Adobe Linguistics CS4 x64
    Adobe Media Encoder CS4 Importer
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDF Library Files x64 CS4
    Adobe Photoshop CS4 (64 Bit)
    Adobe Photoshop CS4 Support
    Adobe Reader 9.5.3 MUI
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Type Support x64 CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin x64
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Any Video Converter 3.5.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS VIBE
    ASUS Virtual Camera
    ATK Package
    BIT.TRIP RUNNER (remove only)
    BitDefender Internet Security 2010
    Bonjour
    BulletStorm
    Bullzip PDF Printer 7.1.0.1218
    Connect
    Contents
    Corel VideoStudio Pro X5
    CP avec Disney le Livre de la Jungle
    Crystal Reports for Visual Studio
    D3DX10
    Desperados Wanted Dead or Alive
    Diablo III
    DiscJuggler
    Disney Princesses - Mon Royaume Enchanté
    DivX Setup
    Dotfuscator Software Services - Community Edition
    Duplicate Cleaner Free 3.0.1
    DVD Shrink 3.2
    eMule
    ExpressGate Cloud
    Far Cry 3
    Fast Boot
    ffdshow v1.1.3562 [2010-09-07]
    FileZilla Client 3.3.5.1
    foobar2000 v1.1.10
    Fresco Logic USB3.0 Host Controller
    Frère des Ours
    Galerie de photos Windows Live
    GameMaker 8.1
    Ghostbusters (TM): The Video Game
    Giana Sisters - Twisted Dreams
    GOG.com Downloader version 3.3.5
    Google Update Helper
    GPL Ghostscript Lite 8.70
    GPU Temp version 1.0
    Grand Theft Auto Vice City
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hide Folders 2009 3.1 for Windows XP/Vista
    Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2565057)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973)
    Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2736182)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HP Deskjet 3070 B611 series Aide
    HP Product Detection
    ICA
    ImgBurn
    ImTOO DVD Ripper Platinum 5
    InfraRecorder 0.51 (x64 edition)
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Monitor
    IPM_VS_Pro
    ISCOM
    iTunes
    Jamestown: Legend of the Lost Colony
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 37
    kuler
    L'Age de Glace(TM) 4 - La dérive des continents - Jeux de l'Arctique
    Lapin Malin Cours Préparatoire ADAPT
    Larry
    LEGO® Pirates of the Caribbean The Video Game
    LEGO® The Lord of the Rings™
    Les Aventures de Porcinet
    Les Schtroumpfs - le téléportaschtroumpf version V1.0
    Logiciel de base du périphérique HP Deskjet 3070 B611 series
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x64
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Game Studio 4.0
    Microsoft XNA Game Studio 4.0 (ARP entry)
    Microsoft XNA Game Studio 4.0 (Redists)
    Microsoft XNA Game Studio 4.0 (Shared Components)
    Microsoft XNA Game Studio 4.0 (Visual Studio)
    Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
    Microsoft XNA Game Studio 4.0 Documentation
    Microsoft XNA Game Studio Platform Tools
    Mises à jour NVIDIA 1.8.15
    Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA
    Mozilla Firefox 16.0.1 (x86 fr)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NewsLeecher v5.0 Beta 11
    Notepad++
    NVIDIA Display Control Panel
    NVIDIA Install Application
    NVIDIA Logiciel système PhysX 9.12.0213
    NVIDIA PhysX
    NVIDIA Pilote audio HD : 1.3.16.0
    NVIDIA Pilote graphique 301.42
    NVIDIA Update Components
    O&O Defrag Professional
    O&O DriveLED Professional
    Ootake ver2.62
    OpenAL
    Panneau de configuration NVIDIA 301.42
    PDF Settings CS4
    pdfsam
    PeaZip 3.6
    Photoshop Camera Raw
    Photoshop Camera Raw_x64
    Puddle
    QuickPar 0.9
    QuickTime
    Rapture3D 2.5.1 Game
    Rayman Origins
    Realtek PCIE Card Reader
    Recuva
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Setup
    Share
    Share64
    SmartSound Common Data
    SmartSound Quicktracks 5
    Suite Shared Configuration CS4
    Super Meat Boy v1.5
    SUPER STREET FIGHTER IV: ARCADE EDITION
    Surface - The Soaring City - Collector's Edition
    Synaptics Pointing Device Driver
    TagScanner 5.1.625
    The Cave (c) SEGA version 1
    The Witcher
    The Witcher 2 - Assassins of Kings
    Trend Micro RUBotted 2.0 Beta
    Ubisoft Game Launcher
    Uninstall 1.0.0.1
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Uplay
    USB2.0 UVC 2M WebCam
    VC80CRTRedist - 8.0.50727.6195
    VirtualCloneDrive
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 2.0.0
    VSClassic
    VSHelp
    VSPro
    Vuze
    WCF RIA Services V1.0 SP1
    Web Deployment Tool
    Windows Live
    Windows Live Communications Platform
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series
    WinFlash
    WinHTTrack Website Copier 3.44-4
    WinPcap 4.1.1
    WinUAE 2.3.3
    Wireless Console 3
    XviD MPEG-4 Codec
    Zoner Photo Studio 15
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Any particular reason you ran DDS from safe mode?

    Zbot infection is not too good news.

    Let's double check...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  7. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Additional information: after MBAM scan I followed the indicated steps but it looks like Win7 has difficulties starting now. It is stuck on a black screen with the mouse cursor visible when the desktop should be displayed.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Can you start in safe mode?
     
  9. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Yes.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    If you can start in Safe Mode with Networking run Eset scan from my reply #6
     
  11. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    The scan is done and no thread found. Since there seems to be a display issue with ESET in safe mode (window a little bit truncated), I don't know if there was a way to save a report file in this case.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Very well then...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==========================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  13. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    RogueKiller V8.4.4 [Feb 1 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/
    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode sans echec avec prise en charge reseau
    Utilisateur : Calimero [Droits d'admin]
    Mode : Suppression -- Date : 03/02/2013 03:37:08
    | ARK || MBR |
    ¤¤¤ Processus malicieux : 0 ¤¤¤
    ¤¤¤ Entrees de registre : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : {D299E061-2555-5CDA-F225-A02F88A19E84} (C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe) -> SUPPRIMÉ
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REMPLACÉ (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REMPLACÉ (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
    ¤¤¤ Driver : [NON CHARGE] ¤¤¤
    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Verif: ¤¤¤
    +++++ PhysicalDrive0: ST95005620AS +++++
    --- User ---
    [MBR] 697fe5d5f8f6c594432ea117b4bfe546
    [BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119231 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289249280 | Size: 335704 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Termine : << RKreport[2]_D_03022013_033708.txt >>
    RKreport[1]_S_03022013_033629.txt ; RKreport[2]_D_03022013_033708.txt
     
  14. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Il y avait un autre log avant celui que je viens de poster, le voici:

    RogueKiller V8.4.4 [Feb 1 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/
    Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Demarrage : Mode sans echec avec prise en charge reseau
    Utilisateur : Calimero [Droits d'admin]
    Mode : Recherche -- Date : 03/02/2013 03:36:29
    | ARK || MBR |
    ¤¤¤ Processus malicieux : 0 ¤¤¤
    ¤¤¤ Entrees de registre : 15 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : {D299E061-2555-5CDA-F225-A02F88A19E84} (C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe) -> TROUVÉ
    [RUN][SUSP PATH] HKUS\S-1-5-21-3955869695-4156559446-3699184568-1002[...]\Run : {D299E061-2555-5CDA-F225-A02F88A19E84} (C:\Users\Calimero\AppData\Roaming\Puaquh\ypicx.exe) -> TROUVÉ
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
    [HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> TROUVÉ
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> TROUVÉ
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
    ¤¤¤ Driver : [NON CHARGE] ¤¤¤
    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
     
  15. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Do I have to reboot between RogueKiller and Anti-Rootkit?
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    If the program doesn't ask you to reboot don't.
     
  17. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Scan finished: no malware found.
     
  18. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    www.malwarebytes.org
    Database version: v2013.02.03.01
    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Calimero :: ASUS_CAL [administrator]
    3/02/2013 04:00:37
    mbar-log-2013-02-03 (04-00-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 32624
    Time elapsed: 10 minute(s), 6 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  19. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    See what happens if you try to start in normal mode.
     
  20. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    System is currently in a safe mode
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_37
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 6363136000, free: 4620726272
    ------------ Kernel report ------------
    02/03/2013 03:41:22
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\FSPFltd.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\DRIVERS\oodrvled.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\FLxHCIc.sys
    \SystemRoot\system32\DRIVERS\L1C62x64.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbfiltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\vpchbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\FLxHCIh.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80065bb790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8006339050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.02.03.01
    Downloaded database version: v2013.01.23.01
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1017
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    System is currently in a safe mode
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_37
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 6363136000, free: 4948520960
    ------------ Kernel report ------------
    02/03/2013 03:50:14
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\FSPFltd.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\DRIVERS\oodrvled.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\BdfNdisf6.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\vpcnfltr.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\FLxHCIc.sys
    \SystemRoot\system32\DRIVERS\L1C62x64.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbfiltr.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\vpchbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\FLxHCIh.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80065db790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8006386050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80065db790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80065db2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80065db790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006380530, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006386050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a002d45660, 0xfffffa80065db790, 0xfffffa8010821090
    Lower DeviceData: 0xfffff8a002dbedf0, 0xfffffa8006386050, 0xfffffa801081c850
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E0C5913D
    Partition information:
    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 45062262
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 45062325 Numsec = 244186929
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 289249280 Numsec = 687521792
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    See what happens if you try to start in normal mode.
     
  22. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    Did a restart in normal mode.

    Same results as before. After the "Welcome" screen, it becomes black with only the mouse cursor visible then nothing else happens.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  24. Cal_74

    Cal_74 TS Rookie Topic Starter Posts: 37

    After launching ComboFix, it tells me that the BitDefender real-time antivirus and antispyware scanner are active.

    The problem is that, if I open the BitDefender console, it says that the BitDefender Security Service (vsserv.exe) is unavailable -> no way to stop the scanners. I can't uninstall BitDefender in safe mode neither.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    In safe mode it doesn't matter.
    Disregard that warning.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.