Quick scan log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8354

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

12/12/2011 1:34:40 PM
log

Scan type: Quick scan
Objects scanned: 200610
Time elapsed: 1 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Cameron\AppData\Roaming\4E7E.exe (Trojan.Ransom.BP) -> No action taken.


Combo fix log

ComboFix 11-12-11.02 - Cameron 12/12/2011 13:36:33.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2046.1604 [GMT 11:00]
Running from: c:\users\Cameron\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cameron\AppData\Roaming\5C06.exe
c:\users\Cameron\AppData\Roaming\6190.tmp
c:\users\Cameron\AppData\Roaming\6D85.exe
c:\users\Cameron\AppData\Roaming\7D3C.exe
c:\users\Cameron\AppData\Roaming\934C.exe
c:\users\Cameron\AppData\Roaming\Luuyuj.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-11-12 to 2011-12-12   )))))))))))))))))))))))))))))))
.
.
2011-12-12 02:40 . 2011-12-12 02:40    --------    d-----w-    c:\users\Cameron\AppData\Local\temp
2011-12-12 02:40 . 2011-12-12 02:40    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2011-12-12 02:40 . 2011-12-12 02:40    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-12-12 02:35 . 2011-12-12 02:35    54016       ----a-w-    c:\windows\system32\drivers\kpftlxv.sys
2011-12-12 02:31 . 2011-12-12 02:31    56200       ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08F5D63C-9675-49D0-AA60-19DE84B9A831}\offreg.dll
2011-12-11 01:58 . 2011-12-11 03:46    --------    d-----w-    c:\program files\The Elder Scrolls V Skyrim
2011-11-27 21:30 . 2011-11-27 21:30    --------    d-----w-    c:\users\Cameron\AppData\Roaming\Malwarebytes
2011-11-27 21:30 . 2011-11-27 21:30    --------    d-----w-    c:\programdata\Malwarebytes
2011-11-27 21:30 . 2011-12-12 02:28    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-11-27 21:30 . 2011-08-31 06:00    22216       ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-26 21:44 . 2011-11-26 21:44    131072      ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-26 21:44 . 2011-11-26 21:44    --------    d-----w-    c:\program files\QuickTime
2011-11-26 01:14 . 2005-06-14 16:00    102400      ----a-w-    c:\windows\system32\tsccvid.dll
2011-11-25 21:44 . 2011-11-25 21:44    --------    d-----w-    c:\program files\PerkPlanner
2011-11-23 22:31 . 2011-11-23 22:31    --------    d-----w-    c:\program files\Blockland
2011-11-13 09:00 . 2011-11-13 09:01    --------    d-----w-    c:\program files\Oracle
2011-11-13 09:00 . 2011-11-13 09:00    --------    d-----w-    c:\program files\Common Files\Java
2011-11-13 08:58 . 2011-10-18 10:50    632320      ----a-w-    c:\windows\system32\npdeployJava1.dll
2011-11-13 08:14 . 2011-11-11 23:52    270142      ----a-w-    C:\Minecraft.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 22:37 . 2011-11-05 00:55    414368      ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 02:19 . 2011-11-06 21:54    16400       ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2011-11-06 21:54 . 2011-11-06 21:54    53248       ----a-r-    c:\users\Cameron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-11-05 02:34 . 2011-11-05 02:34    691696      ----a-w-    c:\windows\system32\drivers\sptd.sys
2011-10-18 10:50 . 2011-11-11 23:55    561664      ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-17 15:28 . 2011-11-04 06:28    6668624     ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{08F5D63C-9675-49D0-AA60-19DE84B9A831}\mpengine.dll
2011-10-15 08:53 . 2011-11-05 08:35    6350144     ----a-w-    c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-11-05 08:35    602432      ----a-w-    c:\windows\system32\easyupdatusapiu.dll
2011-10-15 08:53 . 2011-11-05 08:35    3840320     ----a-w-    c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2011-11-05 08:35    203072      ----a-w-    c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-11-05 08:35    123712      ----a-w-    c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-11-05 08:35    1136448     ----a-w-    c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-11-05 08:34    919872      ----a-w-    c:\windows\system32\nvdispco32.dll
2011-10-15 08:53 . 2011-11-05 08:34    877376      ----a-w-    c:\windows\system32\nvgenco32.dll
2011-10-15 08:53 . 2011-11-05 08:34    61248       ----a-w-    c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-05 08:34    5578560     ----a-w-    c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-05 08:34    2458432     ----a-w-    c:\windows\system32\nvapi.dll
2011-10-15 08:53 . 2011-11-05 08:34    2401088     ----a-w-    c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-05 08:34    2099520     ----a-w-    c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-05 08:34    18871616    ----a-w-    c:\windows\system32\nvoglv32.dll
2011-10-15 08:53 . 2011-11-05 08:34    17248576    ----a-w-    c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-05 08:34    10327360    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2009-07-13 22:09    7041856     ----a-w-    c:\windows\system32\nvwgf2um.dll
2011-10-15 08:53 . 2009-06-10 21:19    13205312    ----a-w-    c:\windows\system32\nvd3dum.dll
2011-10-14 13:54 . 2011-10-14 13:54    321856      ----a-w-    c:\windows\system32\nvStreaming.exe
2011-11-10 12:58 . 2011-11-04 06:16    134104      ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-11_22.33.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-05 08:39 . 2011-12-12 00:25    26576    c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-12 00:25    33950    c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-04 06:05 . 2011-12-12 00:24    16384    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 06:05 . 2011-12-11 21:46    16384    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 06:05 . 2011-12-11 21:46    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 06:05 . 2011-12-12 00:24    32768    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-12-11 21:46    16384    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-12-12 00:24    16384    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    16384    c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    16384    c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    32768    c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    32768    c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    16384    c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    16384    c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    16384    c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    16384    c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    16384    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    16384    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:25    7740     c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3232758418-2294838723-4199594620-1000_UserData.bin
+ 2011-12-12 02:29 . 2011-12-12 02:29    2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-11 22:24 . 2011-12-11 22:24    2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-12 02:29 . 2011-12-12 02:29    2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-11 22:24 . 2011-12-11 22:24    2048     c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2011-12-11 22:31    622110   c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-12 02:34    622110   c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-12-11 22:31    108232   c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2011-12-12 02:34    108232   c:\windows\System32\perfc009.dat
- 2011-11-04 06:10 . 2011-12-11 21:46    245760   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-04 06:10 . 2011-12-12 00:24    245760   c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2011-12-11 21:50    479636   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-12-12 01:27    479636   c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-05 08:36 . 2011-12-12 01:27    23318280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3232758418-2294838723-4199594620-1000-12288.dat
- 2011-11-05 08:36 . 2011-12-11 21:50    23318280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3232758418-2294838723-4199594620-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E11DB59D-5008-42ff-9069-535843BC0BE1}]
2011-09-16 02:46    367384    ----a-w-    c:\program files\Logitech\ScrollApp\LogiSmooth.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"LogiScrollApp"="c:\program files\Logitech\ScrollApp\KhalScroll.exe" [2011-09-16 45848]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03    66328    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Users^Cameron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Q{!;n%bf^-:"i{}~8nn%@+0|[:-$?[]
c:\windows\System32\install\server.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 11:43    640376    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-11 15:25    37232    ----a-w-    c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 20:58    611712    ----a-w-    c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-26 20:22    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57    369200    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 13:47    31016    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 07:06    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 06:00    449608    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-26 22:41    282624    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 01:19    252296    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-11-05 691696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-14 284016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Cameron\AppData\Roaming\Mozilla\Firefox\Profiles\v6rwpdvy.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Luuyuj - c:\users\Cameron\AppData\Roaming\Luuyuj.exe
SSODL-Windows Task Services-c:\users\Cameron\AppData\Roaming\6CD7.exe - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-12 13:41:59
ComboFix-quarantined-files.txt 2011-12-12 02:41
ComboFix2.txt 2011-12-11 22:34
.
Pre-Run: 642,224,717,824 bytes free
Post-Run: 641,871,835,136 bytes free
.
- - End Of File - - 7B4CD2A38713895EAF1FD90FDC3B0BBA


DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.2.1
Run by Cameron at 13:45:05 on 2011-12-12
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2046.1207 [GMT 11:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - c:\program files\logitech\scrollapp\LogiSmooth.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [LogiScrollApp] c:\program files\logitech\scrollapp\KhalScroll.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{215D1F73-2E3A-427A-B96C-78503BF63428} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cameron\appdata\roaming\mozilla\firefox\profiles\v6rwpdvy.default\
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-28 366152]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-5 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-28 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-12 41272]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
.
=============== Created Last 30 ================
.
2011-12-12 02:43:57    41272     ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-12 02:42:01    --------  d-sh--w-    C:\$RECYCLE.BIN
2011-12-12 02:42:00    --------  d-----w-    c:\users\cameron\appdata\local\temp
2011-12-12 02:35:14    54016     ----a-w-    c:\windows\system32\drivers\kpftlxv.sys
2011-12-12 02:31:39    56200     ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{08f5d63c-9675-49d0-aa60-19de84b9a831}\offreg.dll
2011-12-11 22:28:02    98816     ----a-w-    c:\windows\sed.exe
2011-12-11 22:28:02    518144    ----a-w-    c:\windows\SWREG.exe
2011-12-11 22:28:02    256000    ----a-w-    c:\windows\PEV.exe
2011-12-11 22:28:02    208896    ----a-w-    c:\windows\MBR.exe
2011-12-11 19:47:45    --------  d-----w-    c:\windows\pss
2011-12-11 01:58:25    --------  d-----w-    c:\program files\The Elder Scrolls V Skyrim
2011-11-27 21:30:56    --------  d-----w-    c:\users\cameron\appdata\roaming\Malwarebytes
2011-11-27 21:30:42    --------  d-----w-    c:\programdata\Malwarebytes
2011-11-27 21:30:39    22216     ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-11-27 21:30:39    --------  d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-26 21:44:43    131072    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-26 01:14:05    102400    ----a-w-    c:\windows\system32\tsccvid.dll
2011-11-25 21:44:23    --------  d-----w-    c:\program files\PerkPlanner
2011-11-23 22:31:56    --------  d-----w-    c:\program files\Blockland
2011-11-13 09:00:53    --------  d-----w-    c:\program files\Oracle
2011-11-13 08:58:50    632320    ----a-w-    c:\windows\system32\npdeployJava1.dll
2011-11-13 08:14:19    270142    ----a-w-    C:\Minecraft.exe
.
==================== Find3M ====================
.
2011-11-27 22:37:32    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 02:19:59    16400     ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2011-11-05 02:34:05    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2011-10-18 10:50:24    561664    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-14 13:54:52    321856    ----a-w-    c:\windows\system32\nvStreaming.exe
.
============= FINISH: 13:45:13.24 ===============