z270
Members
Posts: 9
Reputation: 0 Neutral
  1. Hey, I did what you asked. But once again Combofix stopped my internet from functioning (I tried uninstalling my network driver and whatever I could find on google, via phone; nothing worked) and messed around with my settings once again. I just went ahead and reformatted again :/ since I know what was causing the infection, hopefully this time everything will be fine. Sorry for the trouble and thanks!
  2. SystemLook 30.07.11 by jpshortstuff
     Log created at 22:45 on 19/09/2012 by Arya
     Administrator - Elevation successful
     ========== Filefind ==========
     Searching for "lsass.exe"
     C:\Windows\System32\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
     C:\Windows\SysWOW64\lsass.exe ---h--- 32256 bytes [23:34 19/09/2012] [01:45 09/09/2012] EDE7875E5237FE99B729EE4EA66885A4
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [07:05 17/11/2011] 156F6159457D0AA7E59B62681B56EB90
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [07:05 17/11/2011] 156F6159457D0AA7E59B62681B56EB90
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:42 17/11/2011] D21BD47E528CD62E79311FB5DF0150E6
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [05:30 02/06/2012] BF63CE11A25F3509129888710D5111FC
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:20 17/11/2011] 0A10B74FBB437FF9A23F1D5DE4446A83
     C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [07:51 04/06/2012] 79C908CAA6F43021EB05F4C733A927D1
     -= EOF =-
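The SystemLook output above is what a helper on the forum reads by eye: the System32 copy of lsass.exe hashes the same as two of the WinSxS component-store copies, while the SysWOW64 copy is hidden, a different size, and hashes like nothing in the store. The script below is an added example, not part of the post and not SystemLook's own code, that makes those three checks mechanical over Filefind rows. The sample input is constructed in SystemLook's column layout from the rows in the post; the rule that the only live lsass.exe on 64-bit Windows 7 is the System32 one, and that a live copy should hash-match a WinSxS copy, is the heuristic this example assumes.

```python
"""Triage SystemLook 'Filefind' output for copies of a core Windows binary.

Added example (not from the post or from SystemLook). It parses rows in the
column layout SystemLook prints and flags copies of lsass.exe that sit outside
the one location the live binary belongs in, carry the hidden attribute, or
have an MD5 that none of the WinSxS component-store copies share.
"""
import re
from typing import Dict, List

# Constructed sample in SystemLook's layout; paths and hashes are the ones
# reported in the post above (two of the WinSxS rows, for brevity).
SAMPLE_FILEFIND = r"""
Searching for "lsass.exe"
C:\Windows\System32\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
C:\Windows\SysWOW64\lsass.exe ---h--- 32256 bytes [23:34 19/09/2012] [01:45 09/09/2012] EDE7875E5237FE99B729EE4EA66885A4
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe --a---- 31232 bytes [05:00 18/09/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
-= EOF =-
"""

# One Filefind row: <path> <attrs> <size> bytes [<modified>] [<created>] <md5>
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<attrs>[-A-Za-z]{7}) "
    r"(?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

WINSXS_PREFIX = "c:\\windows\\winsxs\\"


def parse_filefind(text: str) -> List[dict]:
    """Return one dict per file row; header, blank and EOF lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            rows.append(row)
    return rows


def triage(text: str, name: str = "lsass.exe") -> Dict[str, List[str]]:
    """Map each suspicious path to the reasons it was flagged.

    Assumption of this example: on 64-bit Windows 7 the only live copy of
    lsass.exe is %SystemRoot%\\System32\\lsass.exe; the WinSxS store holds the
    serviced versions, so a live copy should hash-match one of them.
    """
    rows = parse_filefind(text)
    allowed_live = {"c:\\windows\\system32\\" + name.lower()}
    store_hashes = {r["md5"] for r in rows
                    if r["path"].lower().startswith(WINSXS_PREFIX)}
    findings: Dict[str, List[str]] = {}
    for r in rows:
        p = r["path"].lower()
        if p.startswith(WINSXS_PREFIX):
            continue  # store copies are the reference set, not suspects
        reasons = []
        if p not in allowed_live:
            reasons.append("unexpected location for a core system binary")
        if "h" in r["attrs"].lower():
            reasons.append("hidden attribute set")
        if r["md5"] not in store_hashes:
            reasons.append("MD5 matches no WinSxS component-store copy")
        if reasons:
            findings[r["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FILEFIND).items():
        print(path)
        for why in reasons:
            print("  -", why)
```

Run against the full log from the post, the only row that trips any rule is C:\Windows\SysWOW64\lsass.exe, and it trips all three; the hash comparison is the useful one, because a malicious copy dropped straight into System32 would pass the location check but still fail to match the store.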
  3. Sorry, it seems that the formatting was lost.
  4. I uploaded the lsass.exe (C:\Windows\SysWOW64\lsass.exe) to virustotal for a scan: https://www.virustotal.com/file/5733db5597d48b6e0a573e25b856455bb7f5ca17cf06f51bee109a8a0adaf27b/analysis/1348108329/
     SHA256: 5733db5597d48b6e0a573e25b856455bb7f5ca17cf06f51bee109a8a0adaf27b
     SHA1: 3e98503d45b59936493fb795f447eb65efabb62d
     MD5: ede7875e5237fe99b729ee4ea66885a4
     File size: 31.5 KB ( 32256 bytes )
     File name: lsass.exe
     File type: Win32 EXE
     Detection ratio: 21 / 43
     Analysis date: 2012-09-20 02:32:09 UTC ( 0 minutes ago )
     Antivirus / Result / Update
     Agnitum - 20120919
     AhnLab-V3 - 20120919
     AntiVir TR/Kazy.90857.2 20120920
     Antiy-AVL - 20120911
     Avast MSIL:Downloader-GA [Trj] 20120920
     AVG Generic29.BAEA 20120920
     BitDefender Gen:Variant.Kazy.90857 20120920
     ByteHero - 20120919
     CAT-QuickHeal - 20120918
     ClamAV - 20120919
     Commtouch - 20120920
     Comodo UnclassifiedMalware 20120920
     DrWeb - 20120920
     Emsisoft Backdoor.MSIL!IK 20120919
     eSafe - 20120919
     ESET-NOD32 - 20120919
     F-Prot - 20120920
     F-Secure Gen:Variant.Kazy.90857 20120920
     Fortinet W32/Jorik_Arcdoor.BDA!tr 20120920
     GData Gen:Variant.Kazy.90857 20120920
     Ikarus Backdoor.MSIL 20120920
     Jiangmin - 20120919
     K7AntiVirus Trojan 20120919
     Kaspersky Trojan.Win32.Jorik.Arcdoor.bda 20120920
     Kingsoft - 20120918
     McAfee Artemis!EDE7875E5237 20120920
     McAfee-GW-Edition Artemis!EDE7875E5237 20120919
     Microsoft - 20120920
     Norman W32/Suspicious_Gen4.BBZJR 20120918
     nProtect - 20120919
     Panda Trj/OCJ.A 20120919
     PCTools - 20120920
     Rising - 20120919
     Sophos - 20120920
     SUPERAntiSpyware Trojan.Agent/Gen-Falint 20120911
     Symantec - 20120920
     TheHacker - 20120918
     TotalDefense - 20120919
     TrendMicro TROJ_SPNR.07II12 20120920
     TrendMicro-HouseCall TROJ_SPNR.07II12 20120920
     VBA32 Trojan.Jorik.Arcdoor.bda 20120919
     VIPRE Trojan.Win32.Generic!BT 20120920
     ViRobot - 20120919
  5. It seems that something I am installing is causing the problem. Once again I saw that lsass.exe was acting funny so I ran combofix again. This is the log:
     ComboFix 12-09-18.07 - Arya 19/09/2012 20:36:33.1.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.4095.2690 [GMT -4:00]
     Running from: c:\users\Arya\Downloads\Programs\ComboFix.exe
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\Common Files\lsass.exe
     c:\users\Arya\AppData\Roaming\lsass.exe
     D:\install.exe
     .
     c:\windows\SysWow64\lsass.exe . . . is infected!!
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
     .
     .
     2012-09-19 23:52 . 2012-09-19 23:52 -------- d-----w- c:\program files (x86)\CDisplayEx
     2012-09-19 23:37 . 2012-09-19 23:37 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
     2012-09-19 23:37 . 2012-09-19 23:37 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
     2012-09-19 23:36 . 2012-09-19 23:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
     2012-09-19 23:34 . 2012-09-19 23:34 -------- d-----w- c:\program files (x86)\Internet Download Manager
     2012-09-19 23:34 . 2012-09-09 01:45 32256 ---h--w- c:\windows\SysWow64\lsass.exe
     2012-09-19 04:38 . 2012-09-19 04:38 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
     2012-09-19 04:18 . 2012-09-19 04:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe
     2012-09-19 02:04 . 2006-12-08 16:02 251672 ----a-w- c:\windows\SysWow64\xactengine2_5.dll
     2012-09-19 01:53 . 2012-09-19 01:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
     2012-09-19 01:53 . 2012-09-19 01:53 -------- d-----r- c:\program files (x86)\Skype
     2012-09-19 01:53 . 2012-09-19 01:53 -------- d-----w- c:\programdata\Skype
     2012-09-19 00:57 . 2012-09-19 00:57 419840 ----a-w- c:\windows\system32\wrap_oal.dll
     2012-09-19 00:57 . 2012-09-19 00:57 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
     2012-09-19 00:57 . 2012-09-19 00:57 133632 ----a-w- c:\windows\system32\OpenAL32.dll
     2012-09-19 00:57 . 2012-09-19 00:57 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
     2012-09-19 00:57 . 2009-04-02 15:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
     2012-09-19 00:24 . 2012-09-19 00:24 -------- d-----w- c:\program files (x86)\Microsoft.NET
     2012-09-19 00:16 . 2012-09-19 00:16 -------- d-----w- c:\program files (x86)\MSXML 4.0
     2012-09-19 00:15 . 2012-09-19 00:56 -------- d-----w- c:\program files (x86)\Common Files\Steam
     2012-09-19 00:14 . 2012-09-20 00:32 -------- d-----w- c:\program files (x86)\Steam
     2012-09-19 00:10 . 2003-06-13 03:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
     2012-09-19 00:09 . 2012-09-19 00:09 -------- d-----w- c:\program files (x86)\Common Files\Creative
     2012-09-19 00:09 . 2012-09-19 00:58 -------- d--h--w- c:\program files (x86)\Creative Installation Information
     2012-09-19 00:09 . 2009-04-02 15:38 1908736 ------w- c:\windows\system32\Sens_oal.dll
     2012-09-19 00:08 . 2012-09-19 00:08 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
     2012-09-19 00:08 . 2012-09-19 00:58 -------- d-----w- c:\program files\Creative
     2012-09-19 00:07 . 2012-09-19 00:56 -------- d-----w- c:\programdata\Creative
     2012-09-19 00:07 . 2009-03-26 18:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL
     2012-09-19 00:07 . 2009-03-26 18:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL
     2012-09-19 00:07 . 2009-02-06 22:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
     2012-09-19 00:07 . 2009-02-06 22:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
     2012-09-19 00:06 . 2012-09-19 00:56 -------- d-----w- c:\program files (x86)\Creative
     2012-09-19 00:06 . 2005-06-15 15:09 10752 ----a-w- c:\windows\system32\INRES.DLL
     2012-09-19 00:06 . 2005-06-15 15:07 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
     2012-09-19 00:06 . 2012-09-19 00:06 -------- d-----w- c:\programdata\WEBREG
     2012-09-19 00:06 . 2009-07-14 01:41 257024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw72.dll
     2012-09-19 00:04 . 2012-09-19 00:04 -------- d-----w- c:\programdata\HP Product Assistant
     2012-09-18 23:42 . 2012-09-18 23:42 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
     2012-09-18 23:42 . 2012-09-18 23:42 -------- d-----w- c:\program files (x86)\Common Files\HP
     2012-09-18 23:41 . 2012-09-18 23:43 -------- d-----w- c:\program files (x86)\HP
     2012-09-18 23:40 . 2012-09-19 00:06 -------- d-----w- c:\programdata\HP
     2012-09-18 23:40 . 2009-07-08 10:51 966656 ----a-w- c:\windows\system32\hposwia_p01a.dll
     2012-09-18 23:40 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
     2012-09-18 23:40 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
     2012-09-18 23:40 . 2009-07-08 10:51 512512 ----a-w- c:\windows\system32\hposc_p01a.dll
     2012-09-18 23:40 . 2009-07-08 10:51 1411584 ----a-w- c:\windows\system32\hpost_p01a.dll
     2012-09-18 23:00 . 2010-11-20 09:03 3584 ----a-w- c:\windows\system32\drivers\en-US\vpchbus.sys.mui
     2012-09-18 22:57 . 2012-09-18 22:58 -------- d-----w- c:\program files\Windows XP Mode
     2012-09-18 22:44 . 2007-05-07 22:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
     2012-09-18 22:44 . 2010-10-01 04:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
     2012-09-18 22:44 . 2010-09-30 00:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
     2012-09-18 22:44 . 2010-03-23 20:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
     2012-09-18 22:44 . 2012-09-18 22:44 -------- d-----w- c:\program files (x86)\Razer
     2012-09-18 21:43 . 2012-08-23 00:58 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
     2012-09-18 21:43 . 2012-08-23 00:56 47616 ----a-w- c:\windows\SysWow64\ff_acm.acm
     2012-09-18 21:43 . 2012-09-18 21:43 -------- d-----w- c:\program files (x86)\ffdshow
     2012-09-18 21:41 . 2012-09-18 21:41 -------- d-----w- c:\program files (x86)\Haali
     2012-09-18 21:39 . 2012-09-18 21:39 -------- d-----w- c:\program files (x86)\LAV Filters
     2012-09-18 18:46 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
     2012-09-18 18:46 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
     2012-09-18 18:45 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-09-18 18:45 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
     2012-09-18 18:45 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
     2012-09-18 18:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
     2012-09-18 18:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
     2012-09-18 18:10 . 2012-09-18 18:10 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-09-18 18:10 . 2012-09-18 18:10 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-09-18 18:10 . 2012-09-18 18:10 -------- d-----w- c:\windows\SysWow64\Macromed
     2012-09-18 18:10 . 2012-09-18 18:10 -------- d-----w- c:\windows\system32\Macromed
     2012-09-18 18:08 . 2012-08-28 05:49 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{162B6E4E-ED5C-40AC-981A-58443699DF5D}\mpengine.dll
     2012-09-18 18:06 . 2012-09-18 18:06 -------- d-----w- c:\windows\system32\SPReview
     2012-09-18 18:05 . 2012-09-18 18:05 -------- d-----w- c:\windows\system32\EventProviders
     2012-09-18 18:03 . 2010-11-20 13:26 1632256 ----a-w- c:\windows\system32\dwmcore.dll
     2012-09-18 18:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
     2012-09-18 18:02 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
     2012-09-18 18:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
     2012-09-18 18:01 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
     2012-09-18 18:01 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
     2012-09-18 18:01 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
     2012-09-18 17:52 . 2012-09-18 17:52 -------- d-----w- c:\program files\7-Zip
     2012-09-18 16:57 . 2012-09-19 23:52 -------- d-sh--w- c:\windows\Installer
     2012-09-18 16:57 . 2012-09-18 17:25 -------- d-----w- c:\programdata\NVIDIA
     2012-09-18 16:57 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe
     2012-09-18 16:57 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll
     2012-09-18 16:57 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll
     2012-09-18 16:57 . 2012-08-30 16:18 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
     2012-09-18 16:57 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
     2012-09-18 16:57 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll
     2012-09-18 16:57 . 2012-08-30 19:14 60776 ----a-w- c:\windows\system32\OpenCL.dll
     2012-09-18 16:57 . 2012-08-30 19:14 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
     2012-09-18 16:57 . 2012-09-18 16:57 -------- d-----w- c:\programdata\NVIDIA Corporation
     2012-09-18 16:57 . 2012-09-18 17:25 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
     2012-09-18 16:55 . 2012-09-18 17:25 -------- d-----w- c:\program files\NVIDIA Corporation
     2012-09-18 16:54 . 2012-09-18 16:54 -------- d-----w- C:\NVIDIA
     2012-09-18 08:18 . 2012-09-18 04:25 -------- d-----w- c:\windows\Panther
     2012-09-18 06:30 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
     2012-09-18 06:30 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
     2012-09-18 06:30 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
     2012-09-18 06:30 . 2012-09-18 06:30 -------- d-----w- c:\programdata\Malwarebytes
     2012-09-18 06:23 . 2012-09-18 06:23 -------- d-----w- c:\windows\SysWow64\Wat
     2012-09-18 06:23 . 2012-09-18 06:23 -------- d-----w- c:\windows\system32\Wat
     2012-09-18 05:12 . 2012-09-18 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2012-09-18 05:06 . 2012-08-31 04:43 64462936 ----a-w- c:\windows\system32\MRT.exe
     2012-09-18 05:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-09-18 05:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
     2012-09-18 05:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2012-09-18 05:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-09-18 05:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-09-18 05:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-09-18 05:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-09-18 04:59 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
     2012-09-18 04:58 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
     2012-09-18 04:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
     2012-09-18 04:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
     2012-09-18 04:57 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
     2012-09-18 04:51 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
     2012-09-18 04:51 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
     2012-09-18 04:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
     2012-09-18 04:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
     2012-09-18 04:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
     2012-09-18 04:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
     2012-09-18 04:51 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-09-18 04:51 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-09-18 04:50 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-09-18 18:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     2012-09-18 18:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-19 1353080]
     "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-09-09 3524032]
     "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
     "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
     "P17RunE"="P17RunE.dll" [2008-03-28 14848]
     "Microsoft Corporation Search Indexer"="c:\windows\system32\lsass.exe" [2012-09-09 32256]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
     R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-19 79360]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
     R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-18 1255736]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
     S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-08-02 158944]
     S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
     S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
     S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
     .
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     .
     --------- X64 Entries -----------
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
     @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
     [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
     2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
     IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
     TCP: DhcpNameServer = 192.168.1.1
     DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
     FF - ProfilePath - c:\users\Arya\AppData\Roaming\Mozilla\Firefox\Profiles\kkdqri70.default-1348016445399\
     FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKCU-Run-Microsoft Corporation Search Indexer - c:\users\Arya\AppData\Roaming\lsass.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker3"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
     .
     **************************************************************************
     .
     Completion time: 2012-09-19 20:47:49 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-09-20 00:47
     .
     Pre-Run: 23,606,964,224 bytes free
     Post-Run: 25,926,258,688 bytes free
     .
     - - End Of File - - 04F79462920FF685EDF4FB2741C2DEC2
     From what I see, lsass.exe was created right before Internet Download Manager, which I think has the trojan. Combofix however screws up my system somehow (puts random folders in places, stops my internet from functioning and starts displaying $RECYCLE.BIN folders in my drives which I am hesitant to delete). So I did a restore point ($RECYCLE.BIN is still there though) and installed malwarebytes. The following two logs are from the scans:
     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org
     Database version: v2012.09.20.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Arya :: PERSIA [administrator]
     19/09/2012 9:25:20 PM
     mbam-log-2012-09-19 (21-25-20).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 197239
     Time elapsed: 1 minute(s), 58 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 2
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Corporation Search Indexer (Trojan.Delf) -> Data: "C:\Users\Arya\AppData\Roaming\lsass.exe" -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Corporation Search Indexer (Trojan.Agent) -> Data: "C:\Windows\system32\lsass.exe" -> Quarantined and deleted successfully.
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 3
     C:\Users\Arya\AppData\Roaming\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
     C:\Users\Arya\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Common Files\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     (end)
     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org
     Database version: v2012.09.20.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Arya :: PERSIA [administrator]
     19/09/2012 9:28:02 PM
     mbam-log-2012-09-19 (21-28-02).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 418491
     Time elapsed: 32 minute(s), 2 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
     Going to do a quickscan now.
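The ComboFix "Reg Loading Points" section and the Malwarebytes results above both point at the same persistence mechanism: a Run value with a Microsoft-sounding display name whose data is a file called lsass.exe. The real lsass.exe is started by the boot chain (wininit.exe on Windows 7), never from a Run key, so that pattern is a reliable signal regardless of where the file sits. The script below is an added example, not part of the post and not ComboFix's or Malwarebytes' code, that parses ComboFix's REGEDIT4-style listing and applies that rule plus a second one for autorun binaries living under a user profile. The sample is constructed in ComboFix's layout from the HKLM entries in the post; the HKCU lsass.exe value is constructed from the registry value the Malwarebytes log in the same post reports as quarantined. The set of core process names is this example's own assumption.

```python
"""Flag Run-key entries that launch a core Windows process or run from a profile.

Added example (not from the post, ComboFix or Malwarebytes). It parses the
REGEDIT4-style "Reg Loading Points" section ComboFix prints and applies two
rules: core processes such as lsass.exe are started by the boot chain, never
from a Run key, so any Run value pointing at one is suspect; and an autorun
executable living in a user-writable profile directory deserves a look.
"""
import re
from typing import Dict, List

# Constructed sample in ComboFix's layout. The HKLM entries are the ones in
# the post above; the HKCU lsass.exe entry is constructed from the value the
# Malwarebytes log in the same post reports as quarantined.
SAMPLE_LOADING_POINTS = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-19 1353080]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-09-09 3524032]
"Microsoft Corporation Search Indexer"="c:\users\Arya\AppData\Roaming\lsass.exe" [2012-09-09 32256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Microsoft Corporation Search Indexer"="c:\windows\system32\lsass.exe" [2012-09-09 32256]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "<name>"="<command>" [<date> <size>]   (the bracketed tail is optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$"
)

# Assumption of this example: processes the boot chain starts on Windows 7.
# None of them is ever legitimately launched from a Run key.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                  "services.exe", "lsass.exe", "lsm.exe"}


def parse_loading_points(text: str) -> List[dict]:
    """Return {key, name, cmd, date, size} for every value under every key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        v = VALUE_RE.match(line)
        if v and key:
            e = v.groupdict()
            e["key"] = key
            e["size"] = int(e["size"]) if e["size"] else None
            entries.append(e)
    return entries


def basename(cmd: str) -> str:
    """Lower-cased final path component; a bare file name is returned as-is."""
    return cmd.rsplit("\\", 1)[-1].lower()


def triage_autoruns(text: str) -> List[Dict[str, object]]:
    """Return the entries that trip a rule, each with the reasons."""
    findings = []
    for e in parse_loading_points(text):
        cmd = e["cmd"].lower()
        reasons = []
        if basename(cmd) in CORE_PROCESSES:
            reasons.append("core Windows process launched from a Run key")
        if "\\users\\" in cmd and "\\appdata\\" in cmd:
            reasons.append("autorun binary inside a user-writable profile directory")
        if reasons:
            findings.append({"key": e["key"], "name": e["name"],
                             "cmd": e["cmd"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage_autoruns(SAMPLE_LOADING_POINTS):
        print(f'{hit["key"]}\\{hit["name"]} -> {hit["cmd"]}')
        for why in hit["reasons"]:
            print("  -", why)
```

Both lsass.exe entries are flagged and nothing else is; the HKLM one passes the profile-directory rule because it sits in System32, which is exactly why the process-name rule is needed alongside the location rule.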
  6. Alright, thanks for your help. Have a good day! Please close this thread now.
  7. Awesome. I don't need to check the files on the other partition either? Thanks MrCharlie
  8. RogueKiller:
     RogueKiller V8.0.3 [09/13/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Arya [Admin rights]
     Mode : Scan -- Date : 09/18/2012 17:54:23
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST3500320AS ATA Device +++++
     --- User ---
     [MBR] 2affabbd9e10be9ab0a63e758d26d6f4
     [BSP] 8e5db028d4964658b6060ac891226926 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 59900 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 122882048 | Size: 416938 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
     AdwCleaner:
     # AdwCleaner v2.002 - Logfile created 09/18/2012 at 17:54:51
     # Updated 16/09/2012 by Xplode
     # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
     # User : Arya - PERSIA
     # Boot Mode : Normal
     # Running from : C:\Users\Arya\Desktop\adwcleaner.exe
     # Option [search]
     ***** [services] *****
     ***** [Files / Folders] *****
     ***** [Registry] *****
     ***** [Internet Browsers] *****
     -\\ Internet Explorer v9.0.8112.16421
     [OK] Registry is clean.
     -\\ Mozilla Firefox v15.0.1 (en-US)
     Profile name : default
     File : C:\Users\Arya\AppData\Roaming\Mozilla\Firefox\Profiles\2i8bwflo.default\prefs.js
     [OK] File is clean.
     *************************
     AdwCleaner[R1].txt - [689 octets] - [18/09/2012 17:54:51]
     ########## EOF - C:\AdwCleaner[R1].txt - [748 octets] ##########
  9. Hi there, Last night I accidentally installed the babylon tool bar and it brought with something called browser manager that started to mess up my computer. I couldn't use the process manager and my antivirus and IP blocker both stopped running (ESET and PeerBlock). Previously, lsass.exe was also infected, though I didn't know about that until after the babylon incident (I ran combofix and it found it, but couldn't fix it). I have my drive set into two partitions, one for the OS and another for personal files. I didn't have time to try to fix the OS so I simply reinstalled windows (deleted the old OS partition/formatted it from the windows 7 install disk, which I don't think actually erases the data, simply marks the clusters as free?). I just want to make sure there aren't any traces of the old malware carrying over somehow (perhaps from files on my other partition). I installed both Malwarebytes and superantispyware and ran them both without finding anything. Perhaps I'm a bit anal but I thought I'd ask you guys if there is anything else I can do to check. Cheers and thank you!
     .
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Arya at 13:36:32 on 2012-09-18
     Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.4095.2408 [GMT -4:00]
     .
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
     C:\Windows\system32\sppsvc.exe
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\svchost.exe -k SDRSVC
     C:\Windows\system32\wbengine.exe
     C:\Windows\system32\vssvc.exe
     C:\Windows\System32\svchost.exe -k swprv
     C:\Windows\System32\vds.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\system32\DllHost.exe
     C:\Windows\SysWOW64\cmd.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\SysWOW64\cscript.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     .
     ============== Pseudo HJT Report ===============
     .
     mWinlogon: Userinit=userinit.exe
     mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     TCP: DhcpNameServer = 192.168.1.1
     TCP: Interfaces\{82B35ED5-47FC-4DFB-80A9-35C138FEECDB} : DhcpNameServer = 192.168.1.1
     mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Arya\AppData\Roaming\Mozilla\Firefox\Profiles\2i8bwflo.default\
     .
     ============= SERVICES / DRIVERS ===============
     .
     R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\l160x64.sys --> C:\Windows\system32\DRIVERS\l160x64.sys [?]
     S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
     S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
     .
     =============== Created Last 30 ================
     .
     2012-09-18 16:56:50 971624 ----a-w- C:\Windows\System32\nvumdshimx.dll
     2012-09-18 16:55:20 -------- d-----w- C:\Program Files\NVIDIA Corporation
     2012-09-18 16:54:58 -------- d-----w- C:\NVIDIA
     2012-09-18 08:18:03 -------- d-----w- C:\Windows\Panther
     2012-09-18 06:30:27 1135104 ----a-w- C:\Windows\System32\FntCache.dll
     2012-09-18 06:30:25 -------- d-----w- C:\Users\Arya\AppData\Roaming\Malwarebytes
     2012-09-18 06:30:18 -------- d-----w- C:\ProgramData\Malwarebytes
     2012-09-18 06:23:42 -------- d-----w- C:\Windows\SysWow64\Wat
     2012-09-18 06:23:42 -------- d-----w- C:\Windows\System32\Wat
     2012-09-18 05:54:48 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
     2012-09-18 05:54:47 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
     2012-09-18 05:35:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll
     2012-09-18 05:35:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
     2012-09-18 05:23:23 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
     2012-09-18 05:18:00 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
     2012-09-18 05:18:00 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
     2012-09-18 05:18:00 48960 ----a-w- C:\Windows\System32\netfxperf.dll
     2012-09-18 05:18:00 444752 ----a-w- C:\Windows\System32\mscoree.dll
     2012-09-18 05:18:00 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
     2012-09-18 05:18:00 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
     2012-09-18 05:18:00 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
     2012-09-18 05:18:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll
     2012-09-18 05:18:00 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
     2012-09-18 05:18:00 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
     2012-09-18 05:12:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
     2012-09-18 05:03:10 80896 ----a-w- C:\Windows\System32\imagehlp.dll
     2012-09-18 05:03:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
     2012-09-18 05:03:10 5120 ----a-w- C:\Windows\System32\wmi.dll
     2012-09-18 05:03:10 22896 ----a-w-
C:\Windows\System32\drivers\fs_rec.sys 2012-09-18 05:03:10 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-09-18 05:03:10 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-09-18 05:03:10 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-09-18 05:01:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys 2012-09-18 04:59:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-09-18 04:58:59 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys 2012-09-18 04:57:59 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2012-09-18 04:57:59 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2012-09-18 04:57:59 634368 ----a-w- C:\Windows\System32\msvcrt.dll 2012-09-18 04:57:58 112000 ----a-w- C:\Windows\System32\consent.exe 2012-09-18 04:51:26 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2012-09-18 04:51:26 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2012-09-18 04:51:08 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2012-09-18 04:51:08 31232 ----a-w- C:\Windows\System32\prevhost.exe 2012-09-18 04:51:05 1739160 ----a-w- C:\Windows\System32\ntdll.dll 2012-09-18 04:51:05 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-09-18 04:51:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-09-18 04:51:00 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-18 04:49:39 9728 ----a-w- C:\Windows\SysWow64\sscore.dll 2012-09-18 04:49:39 236032 ----a-w- C:\Windows\System32\srvsvc.dll 2012-09-18 04:47:55 77312 ----a-w- C:\Windows\System32\packager.dll 2012-09-18 04:47:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-09-18 04:45:20 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-09-18 04:45:16 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-09-18 04:45:11 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-09-18 04:45:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-09-18 04:38:53 315904 ----a-w- C:\Windows\SysWow64\Difxf8ee.rra 2012-09-18 04:38:53 1976920 ------w- C:\Windows\SysWow64\xRaidSetup.exe 2012-09-18 04:38:53 162392 ------w- 
C:\Windows\SysWow64\xRaidAPI.dll 2012-09-18 04:38:48 -------- d-----w- C:\Windows\RaidTool 2012-09-18 04:38:31 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2012-09-18 04:38:31 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2012-09-18 04:38:31 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe 2012-09-18 04:38:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2012-09-18 04:38:31 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2012-09-18 04:38:31 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2012-09-18 04:38:30 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2012-09-18 04:38:30 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll 2012-09-18 04:27:18 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll 2012-09-18 04:27:11 -------- d-----w- C:\Intel . ==================== Find3M ==================== . 
2012-08-30 19:14:00 9066344 ----a-w- C:\Windows\System32\nvcuda.dll 2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll 2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll 2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll 2012-08-02 17:55:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-08-02 17:05:42 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 13:36:48.19 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 18/09/2012 12:25:03 AM System Uptime: 18/09/2012 12:58:42 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5K Processor: Intel® Core2 Quad CPU Q9450 @ 2.66GHz | LGA775 | 2664/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 58 GiB total, 37.445 GiB free. D: is FIXED (NTFS) - 407 GiB total, 91.743 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Multimedia Audio Controller Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10131102&REV_00\4&1542FBD&0&10F0 Manufacturer: Name: Multimedia Audio Controller PNP Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10131102&REV_00\4&1542FBD&0&10F0 Service: . 
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: Standard PS/2 Keyboard Device ID: ACPI\PNP0303\4&20D7719E&0 Manufacturer: (Standard keyboards) Name: Standard PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&20D7719E&0 Service: i8042prt . Class GUID: Description: USB Camera-B4.04.27.1 Device ID: USB\VID_1415&PID_2000&MI_00\6&237E75F4&0&0000 Manufacturer: Name: USB Camera-B4.04.27.1 PNP Device ID: USB\VID_1415&PID_2000&MI_00\6&237E75F4&0&0000 Service: . ==== System Restore Points =================== . RP1: 18/09/2012 12:38:40 AM - Installed JMicron JMB36X Driver RP2: 18/09/2012 12:45:01 AM - Windows Update RP3: 18/09/2012 12:58:13 AM - Windows Update RP4: 18/09/2012 1:01:06 AM - Windows Update RP5: 18/09/2012 2:30:29 AM - Windows Update . ==== Installed Programs ====================== . JMicron JMB36X Driver Mozilla Firefox 15.0.1 (x86 en-US) NVIDIA PhysX Realtek High Definition Audio Driver . ==== Event Viewer Messages From Past Week ======== . 18/09/2012 2:28:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845). 18/09/2012 2:28:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521). 18/09/2012 2:26:23 AM, Error: Service Control Manager [7023] - 18/09/2012 2:22:07 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control. . ==== End Of File =========================== Forgot to note that lsass.exe kept trying to contact with a certain address, though I blocked it with ESET. The times I did let it through, ESET blocked the access anyways as a bad link.
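As an added example (not part of the original post, and not one of the forum's usual DDS/ComboFix steps), the checks a practitioner would run on the rebuilt machine to answer the two questions the post raises: is the lsass.exe on the new install the genuine one, and is anything on the kept partition able to re-infect the fresh OS. Assumed, not from the post: an elevated PowerShell prompt on the Windows 7 x64 install shown in the log, PowerShell 2.0 syntax, and that the retained data partition is D: (it matches the disk listing, but $DataDrive is a hypothetical setting to edit if that differs).

```powershell
# Added example, not code from the original post. Post-reinstall checks for a
# Windows 7 x64 box, run from an elevated PowerShell prompt (PowerShell 2.0 syntax).
# Assumed (hypothetical): the kept data partition is D:.
$DataDrive = 'D:\'

function Get-Sha1 {
    param([string]$Path)
    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ([System.BitConverter]::ToString($sha1.ComputeHash($bytes))) -replace '-', ''
}

# 1. On a 64-bit install lsass.exe lives only in %SystemRoot%\System32; there is no
#    32-bit copy in SysWOW64. Any other copy, or a hidden one, deserves a look.
#    WinSxS holds the component-store copies, so those are skipped.
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'
Write-Host "== lsass.exe copies under $env:SystemRoot (WinSxS excluded) =="
Get-ChildItem -Path $env:SystemRoot -Filter 'lsass.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -notmatch '\\winsxs\\' } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path     = $_.FullName
            Expected = ($_.FullName -ieq $expected)
            Hidden   = (($_.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0)
            Size     = $_.Length
            Modified = $_.LastWriteTime
            SHA1     = Get-Sha1 $_.FullName
        }
    } | Format-List Path, Expected, Hidden, Size, Modified, SHA1

# 2. Which remote addresses does the running lsass.exe hold TCP connections to?
#    On a stand-alone home PC lsass.exe has no business talking to Internet hosts.
#    netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
Write-Host "== TCP connections owned by lsass.exe =="
$lsassPids = @(Get-Process -Name lsass -ErrorAction SilentlyContinue | ForEach-Object { $_.Id })
netstat -ano | ForEach-Object {
    $cols = ($_.Trim() -split '\s+')
    if ($cols[0] -eq 'TCP' -and $cols.Count -ge 5 -and $lsassPids -contains [int]$cols[4]) { $_ }
}

# 3. Things on the kept partition that could re-infect a fresh install when opened:
#    hidden or system-attribute executables/scripts, and any autorun.inf.
Write-Host "== Hidden/system executables and autorun.inf on $DataDrive =="
$execExt = '^\.(exe|dll|scr|com|pif|cpl|vbs|vbe|js|jse|wsf|bat|cmd|lnk)$'
$hiddenOrSystem = [System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System
Get-ChildItem -Path $DataDrive -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and (
            $_.Name -ieq 'autorun.inf' -or (
                $_.Extension -match $execExt -and
                (($_.Attributes -band $hiddenOrSystem) -ne 0)
            )
        )
    } | Select-Object FullName, Length, LastWriteTime, Attributes | Format-Table -AutoSize

# 4. Verify protected system files (lsass.exe included) against Microsoft's catalogs.
#    Windows 7 system binaries are catalog-signed rather than embedded-signed, so
#    Get-AuthenticodeSignature is not a reliable check on this OS; sfc is.
#    Details are written to %windir%\Logs\CBS\CBS.log.
sfc /verifyonly
```

Reading the output: step 1 should list exactly one copy, at System32\lsass.exe, not hidden; compare its SHA-1 with the same file from the install media or another machine at the same patch level rather than against a hash from memory. Step 2 should normally print nothing on a workgroup PC. Step 3 will also list harmless hidden files some installers leave behind, so treat its output as a list to review, not a verdict. A quick format rewrites only the file-system metadata, as the post suspects, but the reinstalled OS does not execute anything from freed clusters; the realistic carry-over path is a file on D: being opened again, which is what step 3 enumerates.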