trojanmana

Everything posted by trojanmana

  1. My Advanced System Optimizer is finding infections.
     trojan-backdoor.bifrose (Backdoor)
     Status: Quarantined
     Infected registry keys/values detected
     hkey_current_user\software\wget
     trojan-spy.banker (Trojan Spy)
     Status: Quarantined
     Infected registry keys/values detected
     hkey_local_machine\system\currentcontrolset\services\catchme
     hkey_local_machine\system\currentcontrolset\services\catchme!type
     hkey_local_machine\system\currentcontrolset\services\catchme!errorcontrol
     hkey_local_machine\system\currentcontrolset\services\catchme!start
     hkey_local_machine\system\currentcontrolset\services\catchme!imagepath
     hkey_local_machine\system\currentcontrolset\services\catchme!group
     monitoring.employees-pc-monitor (Monitoring Tool)
     Status: Quarantined
     Infected registry keys/values detected
     hkey_users\s-1-5-18\software\microsoft\windows\currentversion\policies\system
     trojan.downloader (Trojan)
     Status: Quarantined
     Infected files detected
     FileName: c:\windows\erdnt\cache64\winlogon.exe
     MD5: 1151b1baa6f350b1db6598e0fea7c457 (390656 Bytes)
     Signature
  2. It was able to finish and didn't find anything. I'll run it again.
  3. Hi, I am still having issues. Internet Explorer is starting by itself. Also, when I click links it takes me to random sites.
  4. Please see attached log for ESET. Very small log for some reason.
  5. . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] AppInit_DLLs=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~2\sbhook.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] aux=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] TkBellExe="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot Adobe Reader Speed Launcher="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" Adobe ARM="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" QuickTime Task="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime iTunesHelper="c:\program files (x86)\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] DisableMonitoring=dword:00000001 . R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-11-10 263480] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 136176] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 136176] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 Point64;Microsoft IntelliPoint Filter 
Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x] S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR . Contents of the 'Scheduled Tasks' folder . 2011-11-16 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job - c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2011-11-16 00:08] . 2011-11-15 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-20 14:51] . 2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 22:58] . 2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 22:58] . 
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159727113-3215902153-4262205293-1000Core.job - c:\users\trojan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 22:47]
  6. ComboFix 11-11-15.06 - trojan 11/15/2011 23:43:05.1.1 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.431 [GMT -8:00] Running from: c:\users\trojan\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 ))))))))))))))))))))))))))))))) . . 2011-11-16 08:15 . 2011-11-16 08:15 -------- d-----w- c:\users\postgres\AppData\Local\temp 2011-11-16 08:15 . 2011-11-16 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-16 04:12 . 2011-11-10 00:09 18744 ----a-w- c:\windows\system32\roboot64.exe 2011-11-16 04:12 . 2010-10-06 20:25 16896 ----a-w- c:\windows\system32\sasnative64.exe 2011-11-16 04:11 . 2011-11-16 04:12 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3 2011-11-15 03:26 . 2011-11-15 03:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\offreg.dll 2011-11-14 03:35 . 2011-11-14 03:34 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-14 03:28 . 2011-11-15 03:10 -------- d-----w- c:\programdata\Lavasoft 2011-11-14 03:17 . 2011-11-14 03:17 388096 ----a-r- c:\users\trojan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-14 03:17 . 2011-11-14 03:17 -------- d-----w- c:\program files (x86)\Trend Micro 2011-11-12 07:46 . 2011-11-12 07:47 -------- d-----w- c:\program files\CCleaner 2011-11-12 07:44 . 2011-11-14 02:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-11-12 07:44 . 2011-11-14 02:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-11-12 07:42 . 
2011-11-14 15:22 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-11 12:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\mpengine.dll 2011-11-09 21:29 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 21:29 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 21:29 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 21:29 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-06 09:44 . 2011-11-10 03:25 -------- d-----w- c:\program files (x86)\Seagate 2011-11-06 09:10 . 2011-11-10 03:25 -------- d-----w- c:\programdata\PCPitstop 2011-11-06 08:35 . 2011-11-06 08:36 -------- d-----w- c:\users\trojan\AppData\Roaming\QuickScan 2011-11-04 05:46 . 2011-11-04 05:46 -------- d-----w- c:\users\trojan\AppData\Local\AIM Toolbar 2011-10-18 10:06 . 2011-10-18 10:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-14 00:53 . 2010-08-09 01:10 1664 ----a-w- c:\windows\system32\ASOROSet.bin 2011-10-01 03:25 . 2011-10-12 13:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:42 . 2011-10-12 13:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 06:05 . 2011-08-31 06:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-31 06:05 . 2011-08-31 06:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-27 05:37 . 2011-10-12 13:57 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-12 13:57 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 
2011-10-12 13:57 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-08-27 04:26 . 2011-10-12 13:57 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-20 05:37 . 2011-10-12 13:59 1188864 ----a-w- c:\windows\system32\wininet.dll 2011-08-20 04:31 . 2011-10-12 13:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay] @="{b75ab0c8-03d5-4592-9821-a48d54d66b14}" [HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}] 8/26/2005 17:31 57344 ----a-w- c:\windows\System32\MssShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] msnmsgr="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] MusicManager="c:\users\trojan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] mxomssmenu="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-06 57344] mssSort="c:\program files (x86)\Maxtor\Maxtor Quick Start\msssort.exe" [2005-07-15 1335296] AppleSyncNotifier="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] BCSSync="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] AVP="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-11 352976] APSDaemon="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] iTunesHelper="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736] Adobe Reader Speed Launcher="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] ConsentPromptBehaviorAdmin= 0 (0x0) ConsentPromptBehaviorUser= 3 (0x3) EnableUIADesktopToggle= 0 (0x0) PromptOnSecureDesktop= 0 (0x0) . [HKEY_L
  7. aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
     Run date: 2011-11-15 22:32:10
     -----------------------------
     22:32:10.471 OS Version: Windows x64 6.1.7601 Service Pack 1
     22:32:10.471 Number of processors: 1 586 0xC00
     22:32:10.471 ComputerName: TROJAN-PC UserName: trojan
     22:32:17.208 Initialize success
     22:32:43.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
     22:32:43.351 Disk 0 Vendor: WDC_WD16 02.0 Size: 152627MB BusType: 8
     22:32:45.367 Disk 0 MBR read successfully
     22:32:45.370 Disk 0 MBR scan
     22:32:45.374 Disk 0 Windows 7 default MBR code
     22:32:45.377 Service scanning
     22:32:46.885 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
     22:32:46.890 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
     22:32:46.896 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
     22:32:46.928 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
     22:32:48.478 Modules scanning
     22:32:48.485 Disk 0 trace - called modules:
     22:32:48.501 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80021e7334]<<
     22:32:48.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80021ba790]
     22:32:48.515 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80017379c0]
     22:32:48.524 \Driver\viamrx64[0xfffffa800172c7f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80021e7334
     22:32:48.531 Scan finished successfully
     22:33:36.544 Disk 0 MBR has been saved successfully to "\\MAXTORDRIVE\Videos\MBR.dat"
     22:33:36.560 The log file has been saved successfully to "\\MAXTORDRIVE\Videos\aswMBR.txt"
  8. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-09-30.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 7/20/2010 3:15:17 PM System Uptime: 11/14/2011 7:21:42 PM (24 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K8VSEDX Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2403/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 149 GiB total, 94.351 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: Description: RAID Controller Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40 Manufacturer: Name: RAID Controller PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40 Service: . ==== System Restore Points =================== . RP217: 11/9/2011 7:38:14 PM - Windows Update RP218: 11/11/2011 3:00:37 AM - Windows Update RP219: 11/11/2011 11:24:42 PM - Removed Windows Media Player Firefox Plugin RP220: 11/13/2011 4:33:32 PM - Advanced System Optimizer - First Install RP221: 11/13/2011 6:28:24 PM - Advanced System Optimizer - System Protector 11/13/2011 6:28:13 PM RP222: 11/13/2011 7:15:46 PM - Installed HiJackThis RP223: 11/13/2011 7:25:17 PM - Installed Ad-Aware RP224: 11/13/2011 7:27:05 PM - Installed Ad-Aware RP225: 11/14/2011 6:22:53 PM - Advanced System Optimizer RP226: 11/14/2011 7:07:33 PM - Removed Ad-Aware . ==== Installed Programs ====================== . 
Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.6 AIM 7 AOL Messaging Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update BitLord 1.1 Bonjour CCleaner Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Download Updater (AOL LLC) Google Chrome Google Update Helper Google Updater HiJackThis iCloud iTunes Java Auto Updater Java(TM) 6 Update 23 Kaspersky Internet Security 2011 Lexmark 810 Series Maxtor Quick Start Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft IntelliPoint 8.0 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - 
KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel Mozilla Firefox 8.0 (x86 en-US) MSVCRT Music Manager NVIDIA Drivers Octoshape add-in for Adobe Flash Player PerformanceTest v7.0 PerformanceTest v7.0 (64-bit) Picasa 3 PVSonyDll QuickTime Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft Excel 2010 (KB2553070) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) VLC media player 1.1.7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Player Firefox Plugin WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 
11/9/2011 1:45:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 11/14/2011 7:42:47 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume . 11/14/2011 7:24:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 11/14/2011 7:21:55 PM, Error: volmgr [46] - Crash dump initialization failed! 11/14/2011 7:21:51 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware. 11/14/2011 7:19:04 PM, Error: Service Control
  9. DDS (Ver_2011-09-30.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23 Run by trojan at 19:18:50 on 2011-11-15 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.423 [GMT -8:00] . AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\lxbscoms.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2011\x64\klwtblfs.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\taskhost.exe c:\program files (x86)\aim toolbar\aimtbServer.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.msn.com mStart Page = hxxp://www.msn.com uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll TB: AOL Messaging Toolbar: 
{61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
  10. DDS (Ver_2011-09-30.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23 Run by trojan at 11:48:56 on 2011-11-15 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.157 [GMT -8:00] . AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\lxbscoms.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2011\x64\klwtblfs.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Windows\system32\taskhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe c:\program files (x86)\aim toolbar\aimtbServer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\conhost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.msn.com mStart Page = hxxp://www.msn.com uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MusicManager] "C:\Users\trojan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\trojan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [mssSort] C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{18A8FB4E-82C2-444B-A306-2E3DAE03D657} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Run: [LXBSCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBStime.dll,RunDLLEntry
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\trojan\AppData\Roaming\Mozilla\Firefox\Profiles\luw180xk.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Users\trojan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2011-3-15 162928]
R0 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2010-2-11 15000]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S?2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-21 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-8 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
.
=============== File Associations ===============
.
FileExt: .bat: batfile=NOTEPAD.EXE %1
FileExt: .cmd: cmdfile=NOTEPAD.EXE %1
FileExt: .com: comfile=NOTEPAD.EXE %1
FileExt: .pif: piffile=NOTEPAD.EXE %1
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" "%1" [UserChoice]
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
11/15/2011 3:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\offreg.dll
11/14/2011 3:35 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
11/14/2011 3:17 388096 ----a-r- C:\Users\trojan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
11/14/2011 3:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
11/12/2011 7:46 -------- d-----w- C:\Program Files\CCleaner
11/12/2011 7:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
11/12/2011 7:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
11/12/2011 7:42 -------- d-----w- C:\Program Files\SUPERAntiSpyware
11/11/2011 12:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\mpengine.dll
11/9/2011 21:29 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
11/9/2011 21:29 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
11/9/2011 21:29 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
11/9/2011 21:29 3144704 ----a-w- C:\Windows\System32\win32k.sys
11/6/2011 9:44 -------- d-----w- C:\Program Files (x86)\Seagate
11/6/2011 9:10 -------- d-----w- C:\ProgramData\PCPitstop
11/6/2011 8:35 -------- d-----w- C:\Users\trojan\AppData\Roaming\QuickScan
11/4/2011 5:46 -------- d-----w- C:\Users\trojan\AppData\Local\AIM Toolbar
10/17/2011 2:55 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
11/14/2011 0:53 1664 ----a-w- C:\Windows\System32\ASOROSet.bin
10/1/2011 3:25 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
10/1/2011 2:42 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
8/31/2011 6:05 96104 ----a-w- C:\Windows\System32\dns-sd.exe
8/31/2011 6:05 85864 ----a-w- C:\Windows\System32\dnssd.dll
8/31/2011 6:05 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
8/31/2011 6:05 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
8/27/2011 5:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll
8/27/2011 5:37 331776 ----a-w- C:\Windows\System32\oleacc.dll
8/27/2011 4:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
8/27/2011 4:26 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
8/20/2011 5:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
8/20/2011 4:31 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 11:53:21.20 ===============
  11. MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 153):

Processes (total 46):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDC WD1600JD-00GBB0, Rev: 02.0

Size  Device Name  MBR Status
--------------------------------------------
149 GB  \\.\PhysicalDrive0  MBR Code Faked!  SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
  12. Hello, I cannot run the program dds. It opens in notebook with a bunch of weird text. I ###### down all my antivirus programs and it is still not working.
  13. I have a question. How do you disable script blocker? Thank you!
  14. Any idea why I can't cut and paste the log here? I just attached the file.
  15. Hi All, first time poster. I believe I have some kind of malware, virus, etc. Symptoms:
1) Internet Explorer randomly starts. I go to the task bar and close it, and it starts again.
2) Randomly plays sound - commercials of some kind.
3) Takes me to random sites when I press on links. Doesn't matter which browser I am using: Chrome, Firefox.
4) Something happened to all my Start button shortcuts. It is empty.
I've cleaned my computer with everything and IE is still popping up randomly even when I close it.