Inactive [A] Another 0i763f66bz.exe Infection


CplKerberos

Hello,

I recently noticed my computer acting rather funny and playing random music and ads even when nothing was open. I managed to catch a glimpse of an unknown file, 0i763f66bz.exe, running in my processes. After performing several attempts using Malwarebytes to remove the infection, it still dwells on my machine.

I am frustrated and would greatly appreciate some help. Logs are as follows:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
The Man :: THEMAN [administrator]

7/13/2012 1:49:48 PM
mbam-log-2012-07-13 (13-49-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268504
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\00000001.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
____________________________________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-13 13:59:36
Windows 6.0.6002 Service Pack 2
Running: gnecouhf.exe


---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\2b166bab857722d2.sys (*** hidden *** ) [BOOT] 2b166bab857722d2 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
_____________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by The Man at 14:00:47 on 2012-07-13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1673 [GMT -5:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Users\The Man\0i763f66bz.exe
C:\Users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Google Update] "c:\users\the man\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [0i763f66bz] c:\users\the man\0i763f66bz.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" -"http://owl.cengage.com/owl-c/quiz_e...49&Session=80&Module=48185&TsActn=12343197760"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ATT-SST_UninstallTracking] c:\users\theman~1\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\theman~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\the man\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
Trusted Zone: motive.com\patttbc.att
DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C1A96CA6-645E-49A0-BC78-54D4CDC5D9FB} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\the man\appdata\roaming\mozilla\firefox\profiles\2jofzfx4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.116.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\the man\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\the man\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\the man\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\the man\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2011-12-4 18432]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-27 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-24 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2011-12-17 2789672]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2012-5-20 11596]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-12-17 15656]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-13 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-13 353688]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-13 21256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-13 57656]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-13 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-30 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\electronic arts\dragon age\bin_ship\daupdatersvc.service.exe [2011-2-24 25832]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-30 116648]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-7-22 12032]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-4-6 33792]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-10-15 97552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-4-11 45440]
S3 uxldipoc;uxldipoc;c:\users\theman~1\appdata\local\temp\uxldipoc.sys [2012-7-13 100864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-13 18:55:49 54016 ----a-w- c:\windows\system32\drivers\wlxllud.sys
2012-07-13 18:47:23 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-13 18:47:23 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-13 18:47:07 41224 ----a-w- c:\windows\avastSS.scr
2012-07-13 18:46:23 -------- d-----w- c:\programdata\AVAST Software
2012-07-13 18:46:23 -------- d-----w- c:\program files\AVAST Software
2012-07-12 16:33:14 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-11 13:30:33 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-27 22:45:40 -------- d-----w- c:\users\the man\appdata\local\DDMSettings
2012-06-27 22:43:20 -------- d-----w- c:\program files\common files\DivX Shared
2012-06-27 22:33:14 -------- d-----w- c:\programdata\DivX
2012-06-27 16:27:51 -------- d-----w- c:\program files\Guild Wars 2
2012-06-23 01:49:37 -------- d-----w- c:\programdata\BioWare
2012-06-23 01:49:02 -------- d-----w- c:\users\the man\appdata\local\EA Core
2012-06-22 21:11:14 -------- d-----w- c:\program files\common files\BioWare
2012-06-20 20:20:08 -------- d-----w- c:\program files\Dropbox
2012-06-18 17:08:29 -------- d-----w- c:\users\the man\appdata\local\Macromedia
2012-06-18 17:08:08 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 17:08:08 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-12 17:06:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 17:06:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 16:33:04 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 07:44:16 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-14 07:44:07 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-14 07:44:07 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-14 07:43:56 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
============= FINISH: 14:01:22.65 ===============
______________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 10:24:05 AM
System Uptime: 7/13/2012 1:30:02 PM (1 hours ago)
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom(tm) 9600 Quad-Core Processor | Socket AM2 | 2300/1mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 430 GiB total, 66.642 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 298 GiB total, 34.335 GiB free.
G: is FIXED (FAT32) - 56 GiB total, 11.509 GiB free.
H: is Removable
I: is Removable
J: is Removable
L: is FIXED (NTFS) - 35 GiB total, 35.409 GiB free.
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Multimedia Video Controller
Device ID: PCI\VEN_14F1&DEV_8880&SUBSYS_D4391461&REV_0F\4&30CC26D1&0&0060
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_14F1&DEV_8880&SUBSYS_D4391461&REV_0F\4&30CC26D1&0&0060
Service:
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description:
Device ID: ROOT\HIDCLASS\0001
Manufacturer: Wacom
Name:
PNP Device ID: ROOT\HIDCLASS\0001
Service:
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description:
Device ID: ROOT\HIDCLASS\0003
Manufacturer: Wacom
Name:
PNP Device ID: ROOT\HIDCLASS\0003
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.5.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Adventure Game Studio 3.1.2 SP1
AIM 7
Alien Swarm
Alien Swarm - SDK
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Battlefield 2(TM)
Battlefield 3™
Battlelog Web Plugins
BioShock 2
BitTorrent
Blender (remove only)
Blender NIF Scripts (remove only)
Bonjour
Brawl Busters
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Camtasia Studio 7
Canon iP6700D
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
CanoScan Toolbox Ver4.9
CDisplay 1.8
Cheat Engine 6.1
Combined Community Codec Pack 2008-09-21 16:18
Connect
Creation Kit
Crysis(R)
Crystal Player Professional 1.98
DAZ Content Management Service
DAZ Studio 4
Dead Space 2
Debut Video Capture Software
Digsby
DivX Setup
DNA
Download Manager 2.3.7
Download Updater (AOL LLC)
Dragon Age: Origins
DriveImage XML
Dropbox
DS4 Default Content
DVD Decrypter (Remove Only)
EA Installer
EA Shared Game Component: Activation
EasyBCD 1.7.2
ESN Sonar
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
FastStone Image Viewer 4.2
ffvfw (uninstall only)
FileZilla Client 3.3.0.1
FLV Player 2.0 (build 25)
Fraps (remove only)
Freecorder 5
FreeFixer
Frozen Synapse
Garry's Mod
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GraphicsGale FreeEdition version 1.93.16
GraphicsGale version 1.93
Guild Wars
Guild Wars 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6.5
Indeo® software
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 22
Java(TM) 6 Update 33
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 24
Java(TM) SE Runtime Environment 6
join.me
kuler
Livestream Procaster
Logitech Updater
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MotioninJoy ds3 driver version 0.6.0004
Move Networks Media Player for Internet Explorer
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuckClient
NCH Toolbox
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 295.73
NVIDIA 3D Vision Driver 295.73
NVIDIA Control Panel 295.73
NVIDIA Drivers
NVIDIA Graphics Driver 295.73
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0209
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
OEM Logo and Information
OpenAL
openCanvas4.5e Plus
OpenOffice.org 3.3
Origin
PCSX2 - Playstation 2 Emulator
PDF Settings CS4
Photoshop Camera Raw
PunkBuster Services
PyFFI 2.1.10
Python 2.6 PyFFI-2.1.10
Python 2.6.6
QuickTime
Razer Copperhead
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Sanctum
SecondLifeViewer (remove only)
Security Update for CAPICOM (KB931906)
Skulltag
Skype™ 5.9
SMPlayer 0.6.7
Soft Data Fax Modem with SmartCP
Source SDK
Source SDK Base - Orange Box
StarCraft II
Steam
Suite Shared Configuration CS4
Synergy
TeamSpeak 2 RC2
TechArts 3D Custom Girl XPr1
Terraria
The Elder Scrolls V: Skyrim
TightVNC 1.3.9
Tom Clancy's Splinter Cell: Conviction
Trillian
Trine
Trine 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Ventrilo Server
VLC media player 1.1.10
VTFEdit 1.2.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPcap 4.0
WinRAR archiver
WM Recorder 11.2
Wolfenstein(TM) 1.1 Patch
Xilisoft Video Converter Ultimate
Xvid 1.2.1 final uninstall
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 10:44:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001E900B7BE9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/13/2012 8:49:27 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
7/13/2012 8:46:25 AM, Error: Service Control Manager [7034] - The DAZ Content Management Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2012 1:56:32 PM, Error: Service Control Manager [7000] - The uxldipoc service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:49:42 PM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The avast! Network Shield Support service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswSP service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswSnx service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:47:28 PM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: A device attached to the system is not functioning.
7/13/2012 1:33:13 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
7/13/2012 1:32:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kohvmykv sptd svbfory
7/13/2012 1:32:02 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/13/2012 1:32:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/13/2012 1:32:02 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/13/2012 1:13:22 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/13/2012 1:13:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/13/2012 1:13:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC kohvmykv NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd svbfory tdx Wanarpv6
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/13/2012 1:12:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/13/2012 1:12:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/13/2012 1:12:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/11/2012 8:32:05 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/11/2012 8:32:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kohvmykv svbfory
7/11/2012 8:32:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
7/11/2012 8:32:05 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
I followed your instructions to the letter. Everything ran just fine and the computer restarted into Windows Vista normally. I verified the log for FRST was created successfully and it was. I shut down my machine and came back later to discover that my old dual boot of Windows XP came back to bite me. The OS was removed from my machine and never caused an issue up until this point but upon starting my machine I was greeted with a brief flash showcasing "invalid boot.ini". Obviously this has caused me some concern and has prevented me from starting the machine normally.

Regardless, here is the log file from FRST:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 13-07-2012
Ran by SYSTEM at 14-07-2012 01:24:17
Running from H:\
Windows Vista (TM) Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet004

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [x]
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ATT-SST_UninstallTracking] C:\Users\THEMAN~1\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe [155648 2005-11-25] ()
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKU\The Man\...\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" [323392 2009-11-06] (BitTorrent, Inc.)
HKU\The Man\...\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [1103216 2009-05-14] (IGN Entertainment)
HKU\The Man\...\Run: [Google Update] "C:\Users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-20] (Google Inc.)
HKU\The Man\...\Run: [0i763f66bz] C:\Users\The Man\0i763f66bz.exe [38400 2012-07-09] (DeLOCK)
Startup: C:\Users\The Man\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
3 DAUpdaterSvc; C:\Program Files\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-02-23] (BioWare)
2 DAZContentManagementService; "C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe" [18432 2011-05-05] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [1385896 2012-06-27] (LogMeIn Inc.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-09] (NVIDIA Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-02-29] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-09] (NVIDIA Corporation)
2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2789672 2009-03-26] (Wacom Technology, Corp.)
2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

0 2b166bab857722d2; C:\Windows\System32\Drivers\2b166bab857722d2.sys [69968 2012-07-11] ()
3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2002-11-14] (2Wire, Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
3 LachesisFltr; C:\Windows\System32\drivers\Lachesis.sys [12032 2007-08-08] (Razer (Asia-Pacific) Pte Ltd)
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-06] ()
3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-29] (MotioninJoy)
3 NPF; C:\Windows\System32\drivers\npf.sys [42000 2007-01-25] (CACE Technologies)
3 NVNET; C:\Windows\System32\DRIVERS\nvmfdx32.sys [292712 2010-08-12] (NVIDIA Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-08-17] (Duplex Secure Ltd.)
3 TarFltr; C:\Windows\System32\Drivers\UsbFltr.sys [45440 2007-04-11] (Razer USA Ltd.)
3 UsbFltr; C:\Windows\System32\drivers\copperhd.sys [11596 2005-11-02] (Razer (Asia-Pacific) Pte Ltd)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
0 kohvmykv; C:\Windows\System32\drivers\xdjdc.sys [x]
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam.sys [x]
3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
0 svbfory; C:\Windows\System32\drivers\jnfctl.sys [x]
3 XDva394; \??\C:\Windows\system32\XDva394.sys [x]
3 XPADFL02; C:\Windows\System32\DRIVERS\xpadfl02.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-14 00:59 - 2012-07-14 00:59 - 00000000 ____D C:\FRST
2012-07-13 21:40 - 2012-07-13 21:40 - 00890970 ____A (Farbar) C:\Users\The Man\Desktop\FRST.exe
2012-07-13 11:05 - 2012-07-13 11:05 - 00016628 ____A C:\Users\The Man\Desktop\Attach.txt
2012-07-13 11:02 - 2012-07-13 11:02 - 00017311 ____A C:\Users\The Man\Desktop\DDS.txt
2012-07-13 10:59 - 2012-07-13 10:59 - 00000332 ____A C:\Users\The Man\Desktop\GMer.log
2012-07-13 10:53 - 2012-07-13 10:53 - 00607260 ___RA (Swearware) C:\Users\The Man\Desktop\dds.scr
2012-07-13 10:51 - 2012-07-13 10:52 - 35691608 ____A (COMODO) C:\Users\The Man\Desktop\cispremium_installer_x86.exe
2012-07-13 10:47 - 2012-07-13 10:47 - 00302592 ____A C:\Users\The Man\Desktop\gnecouhf.exe
2012-07-13 10:47 - 2012-07-13 10:47 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-13 10:47 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-13 10:47 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-13 10:47 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-13 10:47 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-13 10:47 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-13 10:47 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-13 10:47 - 2012-07-03 08:21 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-13 10:47 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-13 10:46 - 2012-07-13 10:46 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-13 10:46 - 2012-07-13 10:46 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-13 10:42 - 2012-07-13 10:43 - 89340632 ____A C:\Users\The Man\Desktop\avast_free_antivirus_setup.exe
2012-07-12 08:33 - 2012-07-12 08:33 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-12 08:31 - 2012-07-12 08:31 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-11 09:23 - 2012-07-11 09:23 - 00069968 ____A C:\Windows\System32\Drivers\2b166bab857722d2.sys
2012-07-11 05:30 - 2012-07-11 05:30 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2012-07-09 18:24 - 2012-07-09 18:24 - 00038400 ____A (DeLOCK) C:\Users\The Man\0i763f66bz.exe
2012-06-30 14:42 - 2012-06-30 14:42 - 00002073 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-30 14:41 - 2012-07-13 22:03 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-30 14:41 - 2012-07-13 21:51 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-27 14:45 - 2012-06-27 14:45 - 00000000 ____D C:\Users\The Man\AppData\Local\DDMSettings
2012-06-27 14:43 - 2012-06-27 14:43 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2012-06-27 14:33 - 2012-06-27 14:45 - 00000000 ____D C:\Users\All Users\DivX
2012-06-27 14:33 - 2012-06-27 14:33 - 00933256 ____A (DivX, LLC) C:\Users\The Man\Downloads\DivXWebPlayerInstaller.exe
2012-06-27 08:27 - 2012-06-27 10:26 - 00000000 ____D C:\Program Files\Guild Wars 2
2012-06-27 08:27 - 2012-06-27 08:27 - 00000741 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2012-06-22 17:49 - 2012-06-22 17:49 - 00000000 ____D C:\Users\The Man\AppData\Local\EA Core
2012-06-22 17:49 - 2012-06-22 17:49 - 00000000 ____D C:\Users\All Users\BioWare
2012-06-22 17:47 - 2012-06-22 17:47 - 00000000 ____D C:\Users\The Man\Documents\BioWare
2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-06-22 13:12 - 2012-06-22 13:12 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-06-22 13:11 - 2012-06-22 13:11 - 00000000 ____D C:\Program Files\Common Files\BioWare
2012-06-20 12:20 - 2012-06-20 12:20 - 00000000 ____D C:\Program Files\Dropbox
2012-06-18 09:08 - 2012-06-18 09:08 - 00000000 ____D C:\Users\The Man\AppData\Local\Macromedia
2012-06-18 09:02 - 2012-07-13 22:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

============ 3 Months Modified Files ========================

2012-07-13 22:19 - 2006-11-02 05:00 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-13 22:19 - 2006-11-02 05:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 22:19 - 2006-11-02 04:46 - 00006896 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 22:19 - 2006-11-02 04:46 - 00006896 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-13 22:16 - 2010-01-20 07:38 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
2012-07-13 22:16 - 2008-06-19 09:53 - 00224256 ____A C:\Users\The Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-13 22:14 - 2008-07-08 18:52 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
2012-07-13 22:10 - 2006-11-02 02:33 - 00774818 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 22:06 - 2012-06-18 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 22:03 - 2012-06-30 14:41 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-13 22:02 - 2006-11-02 04:59 - 00271720 ____A C:\Windows\PFRO.log
2012-07-13 21:51 - 2012-06-30 14:41 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 21:40 - 2012-07-13 21:40 - 00890970 ____A (Farbar) C:\Users\The Man\Desktop\FRST.exe
2012-07-13 20:16 - 2010-01-20 07:38 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
2012-07-13 11:57 - 2011-11-04 09:35 - 00002377 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-13 11:05 - 2012-07-13 11:05 - 00016628 ____A C:\Users\The Man\Desktop\Attach.txt
2012-07-13 11:02 - 2012-07-13 11:02 - 00017311 ____A C:\Users\The Man\Desktop\DDS.txt
2012-07-13 10:59 - 2012-07-13 10:59 - 00000332 ____A C:\Users\The Man\Desktop\GMer.log
2012-07-13 10:53 - 2012-07-13 10:53 - 00607260 ___RA (Swearware) C:\Users\The Man\Desktop\dds.scr
2012-07-13 10:52 - 2012-07-13 10:51 - 35691608 ____A (COMODO) C:\Users\The Man\Desktop\cispremium_installer_x86.exe
2012-07-13 10:47 - 2012-07-13 10:47 - 00302592 ____A C:\Users\The Man\Desktop\gnecouhf.exe
2012-07-13 10:47 - 2012-07-13 10:47 - 00001829 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-13 10:47 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-13 10:43 - 2012-07-13 10:42 - 89340632 ____A C:\Users\The Man\Desktop\avast_free_antivirus_setup.exe
2012-07-12 09:06 - 2012-04-06 08:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 09:06 - 2011-05-26 09:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-12 08:33 - 2012-07-12 08:33 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-07-12 08:33 - 2012-02-25 12:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-07-12 08:33 - 2012-02-25 12:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-07-12 08:33 - 2012-02-25 12:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-07-12 08:33 - 2010-09-11 10:57 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-07-11 16:18 - 2010-01-20 07:39 - 00002052 ____A C:\Users\The Man\Desktop\Google Chrome.lnk
2012-07-11 09:23 - 2012-07-11 09:23 - 00069968 ____A C:\Windows\System32\Drivers\2b166bab857722d2.sys
2012-07-09 18:25 - 2006-11-02 04:51 - 01313072 ____A C:\Windows\WindowsUpdate.log
2012-07-09 18:24 - 2012-07-09 18:24 - 00038400 ____A (DeLOCK) C:\Users\The Man\0i763f66bz.exe
2012-07-03 10:46 - 2009-12-03 04:35 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-13 10:47 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 08:21 - 2012-07-13 10:47 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 08:21 - 2012-07-13 10:47 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-30 14:42 - 2012-06-30 14:42 - 00002073 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-29 18:11 - 2009-01-29 20:10 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-06-27 14:33 - 2012-06-27 14:33 - 00933256 ____A (DivX, LLC) C:\Users\The Man\Downloads\DivXWebPlayerInstaller.exe
2012-06-27 08:27 - 2012-06-27 08:27 - 00000741 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2012-06-22 13:11 - 2008-07-03 18:50 - 00510438 ____A C:\Windows\DirectX.log
2012-06-20 12:19 - 2011-12-29 12:31 - 00000925 ____A C:\Users\The Man\Desktop\Dropbox.lnk
2012-05-26 17:22 - 2006-11-02 04:46 - 02366720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-22 17:23 - 2008-06-18 20:04 - 00059088 ____A C:\Users\The Man\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 20:00 - 2008-07-22 14:54 - 00045962 ____A C:\Windows\DPINST.LOG
2012-05-19 12:55 - 2011-05-03 22:18 - 00035559 ____A C:\Windows\setupact.log
2012-05-19 12:52 - 2006-11-02 02:22 - 44564480 ____A C:\Windows\System32\config\components_previous
2012-05-19 12:52 - 2006-11-02 02:22 - 39321600 ____A C:\Windows\System32\config\software_previous
2012-05-19 12:52 - 2006-11-02 02:22 - 35913728 ____A C:\Windows\System32\config\system_previous
2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-05-19 12:52 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-05-13 23:44 - 2009-04-30 17:47 - 00283304 ____A C:\Windows\System32\PnkBstrB.xtr
2012-05-13 23:44 - 2008-06-19 20:48 - 00140800 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-05-13 23:44 - 2008-06-19 20:46 - 00283304 ____A C:\Windows\System32\PnkBstrB.exe
2012-05-13 23:43 - 2008-06-19 20:46 - 00280904 ____A C:\Windows\System32\PnkBstrB.ex0
2012-05-12 18:28 - 2012-03-17 10:58 - 00000895 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
2012-05-12 17:30 - 2010-07-23 06:09 - 00108772 ___AH C:\Windows\System32\mlfcache.dat
2012-05-03 16:23 - 2012-05-03 16:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUSB_01005.Wdf
2012-04-27 09:48 - 2010-06-22 08:38 - 00001830 ____A C:\Users\The Man\AppData\Roaming\ImperatorProfile0.dat


ZeroAccess:
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\@
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\L
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\00000001.@
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\80000000.@
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584}\U\800000cb.@

ZeroAccess:
C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}
C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\@
C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\L
C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3069.88 MB
Available physical RAM: 2577.72 MB
Total Pagefile: 2826.52 MB
Available Pagefile: 2660.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.35 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:430.26 GB) (Free:72.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:35.5 GB) (Free:35.41 GB) NTFS
3 Drive e: (VISTA_32_ULTIMATE) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF
4 Drive f: (My Book) (Fixed) (Total:298.02 GB) (Free:27.9 GB) FAT32
5 Drive g: (FIRELITE) (Fixed) (Total:55.91 GB) (Free:11.51 GB) FAT32
6 Drive h: () (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1017 KB
Disk 1 Online 298 GB 1528 KB
Disk 2 Online 56 GB 6190 KB
Disk 3 Online 1937 MB 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 430 GB 1024 KB
Partition 2 Primary 35 GB 430 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 430 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 D NTFS Partition 35 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 F My Book FAT32 Partition 298 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 56 GB 32 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FIRELITE FAT32 Partition 56 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB

==================================================================================

Disk: 3
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 H FAT Removable 1933 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-13 22:09

======================= End Of Log ==========================
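Added illustration (not part of this thread, and not a feature of DDS, GMER or FRST): the Python below cross-references the two artefacts in the logs above that point at the rootkit. Event 7026 in the DDS attach log lists the boot-start or system-start drivers that failed to load (kohvmykv and svbfory on both boots), and FRST's Drivers section shows start type 0 entries that either have no publisher (2b166bab857722d2, the hidden service GMER flagged) or no image file on disk ([x]). The sample lines are copied from the posted logs; the regexes and the flagging rules are my own assumptions about those two formats, based only on lines visible here.

```python
import re
from dataclasses import dataclass

# Constructed sample, copied from the DDS event-log tail and the FRST
# "Drivers" section posted above (a handful of lines, not the full logs).
SAMPLE_EVENTS = r"""
7/13/2012 1:13:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC kohvmykv NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr sptd svbfory tdx Wanarpv6
7/13/2012 1:13:11 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/11/2012 8:32:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kohvmykv svbfory
"""

SAMPLE_FRST_DRIVERS = r"""
0 2b166bab857722d2; C:\Windows\System32\Drivers\2b166bab857722d2.sys [69968 2012-07-11] ()
3 2WIREPCP; C:\Windows\System32\DRIVERS\2WirePCP.sys [68672 2002-11-14] (2Wire, Inc.)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2008-08-17] (Duplex Secure Ltd.)
0 kohvmykv; C:\Windows\System32\drivers\xdjdc.sys [x]
3 ManyCam; C:\Windows\System32\DRIVERS\ManyCam.sys [x]
0 svbfory; C:\Windows\System32\drivers\jnfctl.sys [x]
"""

# Event 7026 carries a space-separated list of service names that failed to load.
EVENT_7026 = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), Error: Service Control Manager \[7026\]"
    r" - .*?failed to load: (?P<drivers>.+)$")

# Assumed FRST driver line layout: "<start> <name>; <image path> [<size> <date>] (<publisher>)"
# with "[x]" in place of size/date when the image file does not exist on disk.
DRIVER_LINE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.*?) "
    r"\[(?:(?P<missing>x)|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\]"
    r"(?: \((?P<company>[^)]*)\))?$")

HEX16 = re.compile(r"[0-9a-f]{16}")


@dataclass
class Driver:
    start: str      # SCM start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str
    missing: bool
    company: str
    date: str


def parse_7026(text):
    """Map each service named in a 7026 event to the timestamps it failed at."""
    failed = {}
    for line in text.splitlines():
        m = EVENT_7026.match(line.strip())
        if m:
            for name in m.group("drivers").split():
                failed.setdefault(name.lower(), []).append(m.group("ts"))
    return failed


def parse_frst_drivers(text):
    drivers = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            drivers.append(Driver(start=m["start"], name=m["name"], path=m["path"],
                                  missing=m["missing"] is not None,
                                  company=m["company"] or "", date=m["date"] or ""))
    return drivers


def triage(events_text, drivers_text):
    """Return {service name: [reasons]} for early-start drivers worth a closer look."""
    failed = parse_7026(events_text)
    findings = {}
    for d in parse_frst_drivers(drivers_text):
        reasons = []
        early = d.start in ("0", "1")
        if early and d.missing:
            reasons.append("boot/system-start driver whose image file is missing")
        elif early and not d.company:
            reasons.append("boot/system-start driver with no publisher")
        if HEX16.fullmatch(d.name.lower()):
            reasons.append("16-hex-digit service name")
        if not reasons:
            continue  # publisher present (sptd), or a late-start leftover (ManyCam)
        if d.name.lower() in failed:
            reasons.append("failed to load at " + ", ".join(failed[d.name.lower()]))
        findings[d.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_EVENTS, SAMPLE_FRST_DRIVERS).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Core names such as AFD, tdx or netbt appear in the 7/13 event but not in FRST's whitelisted driver list, so they are not reported: an entire network stack refusing to load on one boot is a symptom to chase through the flagged entries, not a finding in itself. The 7/11 event, which names only the two orphaned boot-start services, is the cleaner signal.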
 
Sorry for the double post but I managed to rebuild my boot loader and got the machine to load correctly. If you require any new logs because of this, let me know. Thanks.
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Here is the requested log:

Farbar Recovery Scan Tool Version: 13-07-2012
Ran by SYSTEM at 2012-07-15 12:40:23
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-10-27 09:49] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
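As an added example (not code from the thread, from FRST or from the helper), the script below parses the FRST search output quoted above and applies the same check the helper made by eye: the live System32 copy of services.exe has the same size and timestamps as the WinSxS copy for build 6.0.6002.18005 but a different MD5, which is how an in-place patch of the binary shows up. The paths, timestamps and hashes are taken from the log; the class and function names are mine.

```python
"""Flag an in-place patched services.exe from an FRST "Search:" log.

Added example, not part of FRST. It compares the live System32 copy of a
system binary against the WinSxS component-store copies that the FRST
search listed. An in-place patch keeps size and timestamps but changes the
content hash; the untouched store copy gives the reference value.
"""
import re
from dataclasses import dataclass
from typing import List

# The search output posted above, embedded inline so the script runs offline.
FRST_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2011-10-27 09:49] - [2008-01-18 20:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2011-10-27 10:56] - [2009-04-10 20:28] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# FRST metadata line: [created] - [modified] - size attrs (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"\[(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_system32(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\system32\\")

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_frst_search(text: str) -> List[FileEntry]:
    """Pair each path line with the metadata line that directly follows it."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i in range(1, len(lines)):
        m = META_RE.match(lines[i])
        if m and lines[i - 1] and not lines[i - 1].startswith("="):
            entries.append(FileEntry(
                path=lines[i - 1], created=m["created"], modified=m["modified"],
                size=int(m["size"]), company=m["company"], md5=m["md5"].upper()))
    return entries


@dataclass(frozen=True)
class Finding:
    suspect: FileEntry    # live copy whose content does not match
    reference: FileEntry  # store copy with identical size and modified stamp


def find_patched_system_files(entries: List[FileEntry]) -> List[Finding]:
    """Same name, size and modified stamp as a WinSxS copy but a different MD5.

    Identical metadata with a matching hash means the live file is intact;
    identical metadata with a different hash is the tell for an in-place
    patch, and the matching store copy is the candidate to restore from.
    """
    store = [e for e in entries if e.in_winsxs]
    findings = []
    for live in (e for e in entries if e.in_system32):
        for ref in store:
            same_meta = (ref.filename == live.filename
                         and ref.size == live.size
                         and ref.modified == live.modified)
            if same_meta and ref.md5 != live.md5:
                findings.append(Finding(suspect=live, reference=ref))
    return findings


if __name__ == "__main__":
    for f in find_patched_system_files(parse_frst_search(FRST_SEARCH_LOG)):
        print(f"TAMPERED  {f.suspect.path}")
        print(f"  live md5       {f.suspect.md5}")
        print(f"  reference md5  {f.reference.md5}")
        print(f"  restore from   {f.reference.path}")
```

The one finding this produces is the same pair the helper's fixlist acted on: the System32 copy is replaced from the 6.0.6002.18005 store copy.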
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combofix.exe & follow the prompts.
  • NOTE 1: If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2: If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments:
  • fixlist.txt (836 bytes)
Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 13-07-2012
Ran by SYSTEM at 2012-07-15 17:32:14 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet004\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
2b166bab857722d2 service deleted successfully.
kohvmykv service deleted successfully.
svbfory service deleted successfully.
C:\Windows\System32\Drivers\2b166bab857722d2.sys moved successfully.
C:\Users\The Man\0i763f66bz.exe moved successfully.
C:\Windows\Installer\{0b1584b4-677e-80a2-0359-20e052729584} moved successfully.
C:\Users\The Man\AppData\Local\{0b1584b4-677e-80a2-0359-20e052729584} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

And the Combofix log:

ComboFix 12-07-14.01 - The Man 07/15/2012 17:40:50.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.2015 [GMT -5:00]
Running from: c:\users\The Man\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\programdata\D81EDBF9-D167-4011-B77D-211DF920EB80
c:\users\The Man\0i763f66bz.exe
c:\users\The Man\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\The Man\D20284-001-001.exe
c:\users\The Man\D20286-001-001.exe
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj11.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-15 22:51 . 2012-07-16 01:54 -------- d-----w- c:\users\The Man\AppData\Local\temp
2012-07-15 22:51 . 2012-07-15 22:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-15 22:51 . 2012-07-15 22:51 -------- d-----w- c:\users\UpdatusUser.TheMan\AppData\Local\temp
2012-07-14 08:59 . 2012-07-14 08:59 -------- d-----w- C:\FRST
2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\programdata\AVAST Software
2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\program files\AVAST Software
2012-07-12 16:33 . 2012-07-12 16:33 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 16:31 . 2012-07-12 16:31 -------- d-----w- c:\programdata\McAfee
2012-07-11 13:30 . 2012-07-11 13:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-27 22:45 . 2012-06-27 22:45 -------- d-----w- c:\users\The Man\AppData\Local\DDMSettings
2012-06-27 22:43 . 2012-06-27 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-06-27 22:33 . 2012-06-27 22:45 -------- d-----w- c:\programdata\DivX
2012-06-27 16:27 . 2012-06-27 18:26 -------- d-----w- c:\program files\Guild Wars 2
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\programdata\BioWare
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\The Man\AppData\Local\EA Core
2012-06-22 21:12 . 2012-06-22 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-06-22 21:11 . 2012-06-22 21:11 -------- d-----w- c:\program files\Common Files\BioWare
2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Dropbox
2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\users\The Man\AppData\Local\Macromedia
2012-06-18 17:08 . 2012-06-18 17:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 17:08 . 2012-06-18 17:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:06 . 2012-04-06 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 17:06 . 2011-05-26 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 16:33 . 2010-09-11 18:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 18:46 . 2009-12-03 12:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 07:44 . 2008-06-20 04:48 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-14 07:44 . 2009-05-01 01:47 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-14 07:44 . 2008-06-20 04:46 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-14 07:43 . 2008-06-20 04:46 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-18 17:08 . 2011-05-11 07:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\The Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-20 15:38 135664 ----atw- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:06]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
.
2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
- c:\windows\system32\msfeedssync.exe [2011-10-28 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: motive.com\patttbc.att
DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
FF - ProfilePath - c:\users\The Man\AppData\Roaming\Mozilla\Firefox\Profiles\2jofzfx4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-0i763f66bz - c:\users\The Man\0i763f66bz.exe
HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
AddRemove-pcsx2-r4600 - c:\users\The Man\Desktop\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 20:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini 163994 bytes
c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\div286B.tmp 31762 bytes
c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\div71DA.tmp 174672 bytes
c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\divB179.tmp 31762 bytes
c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp\divC93E.tmp 163840 bytes
.
scan completed successfully
hidden files: 5
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,7c,31,c9,1a,d1,82,ff,06,94,5c,54,cc,e7,19,69,85,d4,f8,0f,ef,2c,29,
25,50,07,a8,50,aa,2e,be,46,5e,3f,d1,6d,27,6a,db,f0,4a,0a,cb,0c,3b,d3,88,c2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,a6,45,00,d3,74,a2,fe,fb,63,69,10,e4,57,55,eb,45,a3,1f,ec,25,
33,6d,ef,ec,65,c0,0a,db,b2,fd,86,7a,be,ea,f1,34,b7,40,a6,a5,0d,dc,21,43,9c,\
"rkeysecu"=hex:88,1c,58,f1,ab,9a,68,61,be,7e,a8,1d,53,9f,e2,d8
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5748)
c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\Wacom_Tablet.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SLUI.exe
.
**************************************************************************
.
Completion time: 2012-07-15 20:59:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 01:59
.
Pre-Run: 95,599,288,320 bytes free
Post-Run: 90,580,860,928 bytes free
.
- - End Of File - - 86892071B668B68F771E997594940FF2
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini 

Folder::
c:\users\THEMAN~1\AppData\Local\Temp\div27DD.tmp

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here's the latest log from ComboFix:

ComboFix 12-07-16.01 - The Man 07/17/2012 5:05.2.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1663 [GMT -5:00]
Running from: c:\users\The Man\Desktop\ComboFix.exe
Command switches used :: c:\users\The Man\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\THEMAN~1\AppData\Local\Temp\ArmUI.ini"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 10:16 . 2012-07-17 10:20 -------- d-----w- c:\users\The Man\AppData\Local\temp
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\UpdatusUser.TheMan\AppData\Local\temp
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-17 10:16 . 2012-07-17 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 09:55 . 2012-07-17 09:57 -------- d-----w- C:\DayZ-1.7.2.3
2012-07-14 08:59 . 2012-07-14 08:59 -------- d-----w- C:\FRST
2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\programdata\AVAST Software
2012-07-13 18:46 . 2012-07-13 18:46 -------- d-----w- c:\program files\AVAST Software
2012-07-12 16:33 . 2012-07-12 16:33 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 16:31 . 2012-07-12 16:31 -------- d-----w- c:\programdata\McAfee
2012-07-11 13:30 . 2012-07-11 13:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-27 22:45 . 2012-06-27 22:45 -------- d-----w- c:\users\The Man\AppData\Local\DDMSettings
2012-06-27 22:43 . 2012-06-27 22:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2012-06-27 22:33 . 2012-06-27 22:45 -------- d-----w- c:\programdata\DivX
2012-06-27 16:27 . 2012-06-27 18:26 -------- d-----w- c:\program files\Guild Wars 2
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\programdata\BioWare
2012-06-23 01:49 . 2012-06-23 01:49 -------- d-----w- c:\users\The Man\AppData\Local\EA Core
2012-06-22 21:12 . 2012-06-22 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-06-22 21:11 . 2012-06-22 21:11 -------- d-----w- c:\program files\Common Files\BioWare
2012-06-20 20:20 . 2012-06-20 20:20 -------- d-----w- c:\program files\Dropbox
2012-06-18 17:08 . 2012-06-18 17:08 -------- d-----w- c:\users\The Man\AppData\Local\Macromedia
2012-06-18 17:08 . 2012-06-18 17:08 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-18 17:08 . 2012-06-18 17:08 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:06 . 2012-04-06 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 17:06 . 2011-05-26 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 16:33 . 2010-09-11 18:57 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 18:46 . 2009-12-03 12:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 07:44 . 2008-06-20 04:48 140800 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-14 07:44 . 2009-05-01 01:47 283304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-14 07:44 . 2008-06-20 04:46 283304 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-05-14 07:43 . 2008-06-20 04:46 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-06-18 17:08 . 2011-05-11 07:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\The Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\The Man\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-20 15:38 135664 ----atw- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:06]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 22:41]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000Core.job
- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418986884-3954040137-1992069185-1000UA.job
- c:\users\The Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 15:38]
.
2012-07-17 c:\windows\Tasks\User_Feed_Synchronization-{906C7088-80A5-4AAB-AC2A-94D7CBA20F8B}.job
- c:\windows\system32\msfeedssync.exe [2011-10-28 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: motive.com\patttbc.att
DPF: {2B658B62-1B6F-4CFF-8A7C-225B7BB15336} - hxxp://www.dotbook.jp/crochet/download/T-TimeCrochet.cab
FF - ProfilePath - c:\users\The Man\AppData\Roaming\Mozilla\Firefox\Profiles\2jofzfx4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=05-05-2010&tb_mrud=05-05-2010
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,7c,31,c9,1a,d1,82,ff,06,94,5c,54,cc,e7,19,69,85,d4,f8,0f,ef,2c,29,
25,50,07,a8,50,aa,2e,be,46,5e,3f,d1,6d,27,6a,db,f0,4a,0a,cb,0c,3b,d3,88,c2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1418986884-3954040137-1992069185-1000\Software\SecuROM\License information*]
"datasecu"=hex:8e,a6,45,00,d3,74,a2,fe,fb,63,69,10,e4,57,55,eb,45,a3,1f,ec,25,
33,6d,ef,ec,65,c0,0a,db,b2,fd,86,7a,be,ea,f1,34,b7,40,a6,a5,0d,dc,21,43,9c,\
"rkeysecu"=hex:88,1c,58,f1,ab,9a,68,61,be,7e,a8,1d,53,9f,e2,d8
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3576)
c:\users\The Man\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-07-17 05:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 10:27
ComboFix2.txt 2012-07-16 01:59
.
Pre-Run: 81,862,213,632 bytes free
Post-Run: 81,971,892,224 bytes free
.
- - End Of File - - F36BC584D43626B684C4DD897B36E9E4
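The "Other Running Processes" block in the ComboFix log above is the part a helper reads line by line, checking each path against where that kind of binary is expected to live and whether the name looks machine-generated. The script below is an added example of that triage, not ComboFix's own tooling or anything from this thread: it parses a constructed log fragment laid out like the one posted (the vendor paths mirror the real entries, the Temp and Installer entries and their GUID are made up for the demo) and reports the processes a reviewer would want to look at first. The rules are heuristics that earn a second look, not a verdict.

```python
import re

# Constructed sample mirroring the layout of a ComboFix log tail.
# The last two entries (a Temp executable with a random name and an
# executable under C:\Windows\Installer\{GUID}\) are invented for the demo.
SAMPLE_LOG = """\
------------------------ Other Running Processes ------------------------
.
c:\\windows\\system32\\nvvsvc.exe
c:\\program files\\Bonjour\\mDNSResponder.exe
c:\\windows\\system32\\PnkBstrA.exe
c:\\program files\\LogMeIn Hamachi\\hamachi-2.exe
c:\\users\\The Man\\AppData\\Local\\Temp\\x7k2q9pl4.exe
c:\\windows\\installer\\{11111111-2222-3333-4444-555555555555}\\u\\n.exe
.
**************************************************************************
"""

# Roots under which a service or vendor executable is normally installed.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Subtrees of a trusted root that hold data (MSI caches, temp files),
# not binaries that should be running as processes.
ODD_SYSTEM_SUBTREES = (
    "c:\\windows\\installer\\",
    "c:\\windows\\temp\\",
)


def extract_section(log, title):
    """Return the non-empty, non-'.' lines between the banner whose text
    contains `title` and the next banner (a line starting with --- or ***)."""
    inside, out = False, []
    for line in log.splitlines():
        if line.startswith(("---", "***")):
            if inside:
                break
            inside = title in line
            continue
        if inside and line.strip() not in ("", "."):
            out.append(line.strip())
    return out


def classify_process(path):
    """Return the reasons a process path deserves a closer look.
    An empty list means none of the heuristics fired."""
    p = path.lower()
    reasons = []
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("runs outside Windows/Program Files")
    if p.startswith(ODD_SYSTEM_SUBTREES):
        reasons.append("executable inside a data-only system subtree")
    # Random-looking name: a long alphanumeric stem mixing in several digits
    # (legitimate names like hamachi-2 or nvvsvc do not match).
    name = p.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    digits = sum(c.isdigit() for c in stem)
    if len(stem) >= 8 and digits >= 2 and re.fullmatch(r"[a-z0-9]+", stem):
        reasons.append("random-looking filename")
    return reasons


def triage(log):
    """Map each flagged process path to its list of reasons."""
    flagged = {}
    for path in extract_section(log, "Other Running Processes"):
        reasons = classify_process(path)
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("    -", r)
```

Feed it a real log by reading the file into `triage()`; the section parser only depends on ComboFix's banner lines, so the same function works for the "DLLs Loaded Under Running Processes" block by changing the title.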
 
Looks good :)

Any current issues?

=====================================

I can see some traces of Avast but I don't see it running.
If you uninstalled it please reinstall it.

====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 