
Aquarius1993
Members
Posts: 6
Reputation: 0 Neutral
  1. Here's the combo.txt after the above scan!

ComboFix 13-05-22.01 - user 05/24/2013 0:28.2.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1215 [GMT 5.5:30]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\\SystemRoot\System32\Drivers\cdafb340281089c5.sys"
"c:\windows\system32\HtsysmNT.sys"
"c:\windows\SystemRoot\System32\Drivers\cdafb340281089c5.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CDAFB340281089C5
-------\Service_cdafb340281089c5
-------\Service_Htsysm
.
.
((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 )))))))))))))))))))))))))))))))
.
.
2013-05-23 19:07 . 2013-05-23 19:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-23 19:07 . 2013-05-23 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-23 19:07 . 2013-05-23 19:07 -------- d-----w- c:\users\1\AppData\Local\temp
2013-05-23 06:54 . 2013-05-23 06:54 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-05-23 06:54 . 2013-05-23 06:54 -------- d-----w- c:\windows\SysWow64\Extensions
2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\programdata\BrowserProtect
2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\users\user\AppData\Roaming\BabSolution
2013-05-23 06:53 . 2013-05-23 19:10 -------- d-----w- c:\users\user\AppData\Roaming\Yontoo
2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\program files (x86)\Yontoo
2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\users\user\AppData\Roaming\Delta
2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\program files (x86)\Delta
2013-05-23 06:52 . 2013-05-23 06:53 -------- d-----w- c:\programdata\Tarma Installer
2013-05-23 06:52 . 2013-05-23 06:52 -------- d-----w- c:\users\user\AppData\Roaming\Babylon
2013-05-23 06:52 . 2013-05-23 06:52 -------- d-----w- c:\programdata\Babylon
2013-05-23 06:51 . 2013-05-23 06:51 -------- d-----w- c:\users\user\AppData\Roaming\DSite
2013-05-21 19:53 . 2013-05-22 08:08 -------- d-----w- c:\users\user\AppData\Roaming\Wise Game Booster
2013-05-21 19:53 . 2013-05-21 19:53 41 ----a-w- C:\user.js
2013-05-21 19:53 . 2013-05-21 19:53 -------- d-----w- c:\program files (x86)\tuvaro
2013-05-21 19:53 . 2013-05-21 19:53 -------- d-----w- c:\users\user\AppData\Roaming\tuvaro
2013-05-21 19:08 . 2013-05-23 19:10 -------- d-----w- c:\users\user\AppData\Roaming\Wise Care 365
2013-05-21 19:07 . 2013-05-21 19:53 -------- d-----w- c:\program files (x86)\Wise
2013-05-21 18:28 . 2013-05-22 16:51 -------- d-----w- c:\users\user\AppData\Roaming\WinDefenders
2013-05-21 13:25 . 2013-05-21 13:26 -------- d-----w- c:\users\user\AppData\Roaming\FBpKz
2013-05-20 19:10 . 2013-05-20 19:10 -------- d-sh--w- c:\users\user\AppData\Roaming\msnmsg
2013-05-14 19:04 . 2013-05-14 19:04 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-09 10:22 . 2013-05-09 10:22 -------- d-----w- c:\users\user\AppData\Roaming\Proxifier
2013-05-09 10:19 . 2012-11-22 13:27 76392 ----a-w- c:\windows\system32\PrxerDrv.dll
2013-05-09 10:19 . 2012-11-22 13:27 57448 ----a-w- c:\windows\system32\PrxerNsp.dll
2013-05-09 10:19 . 2012-11-22 13:27 103016 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2013-05-09 10:19 . 2012-11-22 13:27 70248 ----a-w- c:\windows\SysWow64\PrxerDrv.dll
2013-05-09 10:19 . 2012-11-22 13:27 56424 ----a-w- c:\windows\SysWow64\PrxerNsp.dll
2013-05-09 10:19 . 1997-06-06 10:22 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL
2013-05-09 10:19 . 2012-11-22 13:27 91240 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll
2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\programdata\Malwarebytes
2013-05-08 16:36 . 2013-04-04 09:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-04-28 06:08 . 2013-04-28 06:08 -------- d-sh--w- c:\users\user\AppData\Local\ms-drivers
2013-04-28 06:07 . 2013-04-28 06:07 -------- d-sh--w- c:\users\user\AppData\Local\icsxml
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 19:09 . 2011-12-14 12:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-05-15 12:07 . 2012-04-08 08:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 12:07 . 2011-09-12 16:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
2013-01-19 04:41 707728 ----a-w- c:\progra~2\VIDEOD~2\bar\2.bin\4zbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}]
c:\program files (x86)\tuvaro\tuvaro\1.8.17.1\bh\tuvaro.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}]
2011-01-24 10:24 2670080 ------w- c:\program files (x86)\TheChatPhone Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
2013-01-19 04:41 62864 ----a-w- c:\program files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 11:20 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-12-31 06:23 2349080 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-05-21 22:40 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files (x86)\TheChatPhone Toolbar\tbcore3.dll" [2011-01-24 2670080]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zbar.dll" [2013-01-19 707728]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-06-20 2918576]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
"BitTorrent"="e:\bit torrent\BitTorrent.exe" [2013-01-19 980376]
"DAEMON Tools Pro Agent"="e:\devil may cry 4\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Yontoo Desktop"="c:\users\user\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-21 47392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\2.bin\4zsrchmn.exe" [2013-01-19 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\2.bin\4zbrmon.exe" [2013-01-19 30096]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 2510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261249~1.132\{c16c1~1\browserprotect.dll c:\progra~3\browse~2\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2013-04-25 580232]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2010-10-27 79680]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;g:\garena\Garena Plus\Room\safedrv.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-10-27 125416]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-09-21 16392]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-27 283200]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
S2 MBAMScheduler;MBAMScheduler;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\2.bin\4zbarsvc.exe [2013-01-19 42504]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-05-21 23552]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:07]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 08:39]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 08:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 06:52]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 06:52]
.
2013-05-23 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-05-21 09:27]
.
2013-05-21 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-05-21 07:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2011-03-24 06:46 398000 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.link2india.net?hp=IN-1000-23022013162126
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{01193D00-C7F9-4C26-92A2-1CA91F170068} - (no file)
AddRemove-Proxifier_is1 - g:\proxy\Proxifier\unins000.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"f:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"f:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3959381687-140292068-3679446934-1000_Classes\Wow6432Node\CLSID\{4c0f9d35-34f2-4bfb-8db6-314360861751}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,c3,4d,9e,47,61,a7,8f,c3,a2,2b,82,39,31,c7,df,50,a0,80,c8,d6,8b,51,\
.
[HKEY_USERS\S-1-5-21-3959381687-140292068-3679446934-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):68,93,80,bf,dd,a0,f2,6a,98,ee,b7,97,1a,c2,37,4a,18,51,5f,42,94,
   0c,a8,a9,e0,bc,29,18,af,f4,1e,a2,cf,50,9a,08,9e,23,60,a0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
f:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
g:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
e:\devil may cry 4\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
c:\program files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zbrmon.exe
c:\windows\SysWOW64\mdm.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-05-24 00:44:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-23 19:14
ComboFix2.txt 2013-05-23 07:10
.
Pre-Run: 18,439,319,552 bytes free
Post-Run: 18,161,930,240 bytes free
.
- - End Of File - - FF2890C494CFD6140147C9C3DC189BD0
  2. TDSSKiller.2.8.17.0_23.05.2013_11.29.39_log.txt
  3. combofix.txt - ComboFix 13-05-22.01 - user 05/23/2013 12:29:30.1.1 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1109 [GMT 5.5:30] Running from: c:\users\user\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Browse2save c:\programdata\Browse2save\5128af1101074.tlb c:\programdata\Browse2save\data\Browse2save.dat c:\programdata\Browse2save\settings.ini c:\programdata\Browse2save\uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save\Browse2save.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Browse2save\Uninstall.lnk c:\users\user\123.jpg c:\users\user\AppData\Roaming\7cf6r.exe c:\users\user\AppData\Roaming\Adobe140.exe c:\users\user\AppData\Roaming\Adobe331.exe c:\users\user\AppData\Roaming\Adobe629.exe c:\users\user\AppData\Roaming\Adobe688.exe c:\users\user\AppData\Roaming\Adobe814.exe c:\users\user\AppData\Roaming\D2AEB11IML.exe c:\users\user\AppData\Roaming\jqi4j.exe c:\windows\msvcr71.dll c:\windows\system\VI30AUT.DLL c:\windows\SysWow64\networkdlllsp.dll G:\setup.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-23 to 2013-05-23 ))))))))))))))))))))))))))))))) . . 2013-05-23 06:54 . 2013-05-23 06:54 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-05-23 06:54 . 2013-05-23 06:54 -------- d-----w- c:\windows\SysWow64\Extensions 2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\programdata\BrowserProtect 2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\users\user\AppData\Roaming\BabSolution 2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\users\user\AppData\Roaming\Yontoo 2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\program files (x86)\Yontoo 2013-05-23 06:53 . 
2013-05-23 06:53 -------- d-----w- c:\users\user\AppData\Roaming\Delta 2013-05-23 06:53 . 2013-05-23 06:53 -------- d-----w- c:\program files (x86)\Delta 2013-05-23 06:52 . 2013-05-23 06:53 -------- d-----w- c:\programdata\Tarma Installer 2013-05-23 06:52 . 2013-05-23 06:52 -------- d-----w- c:\users\user\AppData\Roaming\Babylon 2013-05-23 06:52 . 2013-05-23 06:52 -------- d-----w- c:\programdata\Babylon 2013-05-23 06:51 . 2013-05-23 06:51 -------- d-----w- c:\users\user\AppData\Roaming\DSite 2013-05-21 19:53 . 2013-05-22 08:08 -------- d-----w- c:\users\user\AppData\Roaming\Wise Game Booster 2013-05-21 19:53 . 2013-05-21 19:53 41 ----a-w- C:\user.js 2013-05-21 19:53 . 2013-05-21 19:53 -------- d-----w- c:\program files (x86)\tuvaro 2013-05-21 19:53 . 2013-05-21 19:53 -------- d-----w- c:\users\user\AppData\Roaming\tuvaro 2013-05-21 19:08 . 2013-05-23 06:29 -------- d-----w- c:\users\user\AppData\Roaming\Wise Care 365 2013-05-21 19:07 . 2013-05-21 19:53 -------- d-----w- c:\program files (x86)\Wise 2013-05-21 18:28 . 2013-05-22 16:51 -------- d-----w- c:\users\user\AppData\Roaming\WinDefenders 2013-05-21 13:25 . 2013-05-21 13:26 -------- d-----w- c:\users\user\AppData\Roaming\FBpKz 2013-05-20 19:10 . 2013-05-20 19:10 -------- d-sh--w- c:\users\user\AppData\Roaming\msnmsg 2013-05-14 19:04 . 2013-05-14 19:04 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-05-09 10:22 . 2013-05-09 10:22 -------- d-----w- c:\users\user\AppData\Roaming\Proxifier 2013-05-09 10:19 . 2012-11-22 13:27 76392 ----a-w- c:\windows\system32\PrxerDrv.dll 2013-05-09 10:19 . 2012-11-22 13:27 57448 ----a-w- c:\windows\system32\PrxerNsp.dll 2013-05-09 10:19 . 2012-11-22 13:27 103016 ----a-w- c:\windows\system32\ProxifierShellExt.dll 2013-05-09 10:19 . 2012-11-22 13:27 70248 ----a-w- c:\windows\SysWow64\PrxerDrv.dll 2013-05-09 10:19 . 2012-11-22 13:27 56424 ----a-w- c:\windows\SysWow64\PrxerNsp.dll 2013-05-09 10:19 . 
1997-06-06 10:22 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL 2013-05-09 10:19 . 2012-11-22 13:27 91240 ----a-w- c:\windows\SysWow64\ProxifierShellExt.dll 2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\programdata\Malwarebytes 2013-05-08 16:36 . 2013-04-04 09:20 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-08 16:36 . 2013-05-08 16:36 -------- d-----w- c:\users\user\AppData\Local\Programs 2013-04-28 06:08 . 2013-04-28 06:08 -------- d-sh--w- c:\users\user\AppData\Local\ms-drivers 2013-04-28 06:07 . 2013-04-28 06:07 -------- d-sh--w- c:\users\user\AppData\Local\icsxml . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-23 06:41 . 2013-03-11 04:37 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFC9F587-80C4-4A73-8ABB-26A1A2AEFDE1}\offreg.dll 2013-05-23 06:29 . 2011-12-14 12:59 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2013-05-15 12:07 . 2012-04-08 08:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 12:07 . 2011-09-12 16:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 2011-01-24 15:45 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}] 2013-01-19 04:41 707728 ----a-w- c:\progra~2\VIDEOD~2\bar\2.bin\4zbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{77245F75-3D8C-40CD-8F64-F9AA1388406F}] 2011-01-24 10:24 2670080 ------w- c:\program files (x86)\TheChatPhone Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-12-09 07:21 3911776 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}] 2013-01-19 04:41 62864 ----a-w- c:\program files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zSrcAs.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 11:20 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2009-12-31 06:23 2349080 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2013-05-21 22:40 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{01193D00-C7F9-4C26-92A2-1CA91F170068}"= "c:\program files (x86)\TheChatPhone Toolbar\tbcore3.dll" [2011-01-24 2670080]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zbar.dll" [2013-01-19 707728]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{01193d00-c7f9-4c26-92a2-1ca91f170068}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02381.TBSB02381]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-06-20 2918576]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"Akamai NetSession Interface"="c:\users\user\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
"BitTorrent"="e:\bit torrent\BitTorrent.exe" [2013-01-19 980376]
"DAEMON Tools Pro Agent"="e:\devil may cry 4\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Yontoo Desktop"="c:\users\user\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-05-21 47392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\2.bin\4zsrchmn.exe" [2013-01-19 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\2.bin\4zbrmon.exe" [2013-01-19 30096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Del1339986"="del" [X]
"Z1"="g:\mbar\mbar\mbar.exe" [2013-03-22 1398856]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 2510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~2\261249~1.132\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 cdafb340281089c5;syshost.exe;c:\windows\\SystemRoot\System32\Drivers\cdafb340281089c5.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [x]
R2 MBAMScheduler;MBAMScheduler;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;g:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [2013-04-25 580232]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2010-10-27 79680]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-12-20 20552]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;g:\garena\Garena Plus\Room\safedrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
[2013-04-04 25928]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-10-27 125416]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-09-21 16392]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-27 283200]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\2.bin\4zbarsvc.exe [2013-01-19 42504]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-05-21 23552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:07]
.
2013-05-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000Core.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 08:39]
.
2013-05-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000UA.job
- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-13 08:39]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 06:52]
.
2013-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3959381687-140292068-3679446934-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-19 06:52]
.
2013-05-23 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-05-21 09:27]
.
2013-05-21 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-05-21 07:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 1057160 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2011-03-24 06:46 398000 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www1.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=1ED01C6F65524E48
mStart Page = hxxp://www.link2india.net?hp=IN-1000-23022013162126
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO-{5CB02877-EFBC-4317-B608-9E24B11BAB40} - c:\program files (x86)\tuvaro\tuvaro\1.8.17.1\bh\tuvaro.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-FaUpdate - c:\users\user\AppData\Roaming\Adobe140.exe
Wow6432Node-HKCU-Run-Windows Live Messenger - c:\users\user\AppData\Roaming\winni.exe
Wow6432Node-HKLM-Run-wmime - c:\program files (x86)\HEM\wmime.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{01193D00-C7F9-4C26-92A2-1CA91F170068} - (no file)
AddRemove-Proxifier_is1 - g:\proxy\Proxifier\unins000.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browse2save\uninstall.exe
AddRemove-SinAstrea Ragnarok Online Lite-Installer - g:\sin\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"f:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"f:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3959381687-140292068-3679446934-1000_Classes\Wow6432Node\CLSID\{4c0f9d35-34f2-4bfb-8db6-314360861751}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,c3,4d,9e,47,61,a7,8f,c3,a2,2b,82,39,31,c7,df,50,a0,80,c8,d6,8b,51,\
.
[HKEY_USERS\S-1-5-21-3959381687-140292068-3679446934-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):68,93,80,bf,dd,a0,f2,6a,98,ee,b7,97,1a,c2,37,4a,18,51,5f,42,94,
0c,a8,a9,e0,bc,29,18,af,f4,1e,a2,cf,50,9a,08,9e,23,60,a0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-23 12:40:31
ComboFix-quarantined-files.txt 2013-05-23 07:10
.
Pre-Run: 18,606,780,416 bytes free
Post-Run: 18,495,807,488 bytes free
.
- - End Of File - - DD68FB85D5E8B6B3A86F151356A540C6

Checkup.txt -

Results of screen317's Security Check version 0.99.64
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 31
Java version out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  4. Here are all the text files you wanted me to post, sir! And I believe most of the viruses and malware have been deleted! But I can't be sure yet till I run the PC for some more days! I'll be updating the status of my PC.

mbar log.txt -

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.23.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

5/23/2013 11:55:34 AM
mbar-log-2013-05-23 (11-55-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30689
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.
HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID (Malware.Trace) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\n. -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\n.) Good: (fastprox.dll) -> Delete on reboot.

Folders Detected: 6
c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580 (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 3
c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\Users\user\AppData\Roaming\Bshades (Stolen.Data) -> Delete on reboot.

(end)

System log.txt -

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 8.0.7600.16385

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.812000 GHz
Memory total: 2010701824, free: 1126281216

------------ Kernel report ------------
05/23/2013 11:40:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\aekiz92j.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\System32\Drivers\aw3cmn5c.SYS
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\sechost.dll
\Windows\System32\setupapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800262c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-7\
Lower Device Object: 0xfffffa8002523060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.05.23.03
Downloaded database version: v2013.05.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800262c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800262cb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800262c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8002542520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8002523060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00a2d65b0, 0xfffffa800262c060, 0xfffffa80018e5790
Lower DeviceData: 0xfffff8a009ea1560, 0xfffffa8002523060, 0xfffffa800196f880
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E43EF036
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 163633152
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 163840000 Numsec = 270974976
Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 434814976 Numsec = 541956096
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Infected: c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\@ --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\@ --> [Trojan.Siredef.C]
Infected: c:\Users\user\AppData\Roaming\Bshades --> [stolen.Data]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID --> [Malware.Trace]
Infected: c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\U --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\L --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580 --> [Trojan.Siredef.C]
Infected: c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580 --> [Trojan.Siredef.C]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\INPROCSERVER32| --> [Trojan.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Executing an action fixdamage.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 8.0.7600.16385 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED CPU speed: 2.812000 GHz Memory total: 2010701824, free: 957759488 Removal queue found; removal started Removing c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\@... Removing c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\@... Removing c:\Users\user\AppData\Roaming\Bshades... Removing c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\U... Removing c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\U... Removing c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580\L... Removing c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580\L... Removing c:\$Recycle.Bin\S-1-5-18\$b7c766c47caaad738dd33da63a0e3580... Removing c:\$Recycle.Bin\S-1-5-21-3959381687-140292068-3679446934-1000\$b7c766c47caaad738dd33da63a0e3580... 
Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 8.0.7600.16385 Java version: 1.6.0_31 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED CPU speed: 2.812000 GHz Memory total: 2010701824, free: 1103736832 ------------ Kernel report ------------ 05/23/2013 12:01:06 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\DRIVERS\pciide.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys 
\SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\vmstorfl.sys \SystemRoot\system32\DRIVERS\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\fdc.sys 
\SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\System32\Drivers\ampbp0v2.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\System32\Drivers\ady6ijno.SYS \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\drivers\WudfPf.sys \??\C:\Program Files\Sandboxie\SbieDrv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys 
\SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\mqac.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\rpcrt4.dll \Windows\System32\iertutil.dll \Windows\System32\wininet.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800260c790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-7\ Lower Device Object: 0xfffffa8002514060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Initializing... Done! 
<<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800260c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800260c1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800260c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800250c520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8002514060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-7\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00a649a50, 0xfffffa800260c790, 0xfffffa8002d2b790 Lower DeviceData: 0xfffff8a004cdf930, 0xfffffa8002514060, 0xfffffa800385b090 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: E43EF036 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 163633152 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 163840000 Numsec = 270974976 Partition 3 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 434814976 Numsec = 541956096 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! 
Performing system, memory and registry scan...
Infected: c:\Users\user\AppData\Roaming\Bshades --> [stolen.Data]
Infected: HKCU\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID --> [Malware.Trace]
Done!
Scan finished
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
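A helper reading the "Inspecting partition table" block above wants the arithmetic done rather than eyeballed: do the four entries tile the disk without overlap, is exactly one of them active, and which sectors lie outside every partition (the slack an MBR bootkit uses for its payload, which is why MBAR reads those sectors raw). The following is an added Python example, not code from Malwarebytes or from the original poster. It parses the block exactly as the tool prints it, using the numbers from the log above as its embedded sample input; the unpartitioned ranges it reports come from the table's own arithmetic rather than from the tool's summary line. The "tampered" checks in the test are constructed inputs, not anything seen on this machine.

```python
import re

# Partition-table block as Malwarebytes Anti-Rootkit printed it in the log
# above (sample input copied from the page; the tool emits it on one line and
# it is re-broken here for readability; the regexes do not rely on the breaks).
MBAR_PARTITION_BLOCK = """
Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable
Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 163633152
Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 163840000 Numsec = 270974976
Partition 3 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 434814976 Numsec = 541956096
Disk Size: 500107862016 bytes Sector size: 512 bytes
"""

PART_RE = re.compile(
    r"Partition (\d+) type is (.+?) \(0x([0-9a-fA-F]+)\) Partition is (ACTIVE|NOT ACTIVE)\. "
    r"Partition starts at LBA: (\d+) Numsec = (\d+)"
)
DISK_RE = re.compile(r"Disk Size: (\d+) bytes Sector size: (\d+) bytes")


def parse_partition_table(text):
    """Return ([partition dicts], disk size in sectors). 'end' is exclusive."""
    parts = []
    for idx, kind, ptype, active, lba, numsec in PART_RE.findall(text):
        start, length = int(lba), int(numsec)
        parts.append({
            "index": int(idx),
            "kind": kind,
            "type": int(ptype, 16),
            "active": active == "ACTIVE",
            "start": start,
            "end": start + length,
        })
    m = DISK_RE.search(text)
    if m is None:
        raise ValueError("no 'Disk Size' line in block")
    disk_sectors = int(m.group(1)) // int(m.group(2))
    return parts, disk_sectors


def unpartitioned_ranges(parts, disk_sectors):
    """Sector ranges [first, last) that no table entry covers.

    Sector 0 is the MBR itself and is excluded. The slack before the first
    partition and after the last one is where MBR bootkits keep their
    payload, which is why a rootkit scanner reads those sectors directly.
    """
    gaps = []
    cursor = 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"]))
        cursor = max(cursor, p["end"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


def layout_problems(parts, disk_sectors):
    """Sanity checks that a tampered or corrupted table would fail."""
    problems = []
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] < a["end"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in ordered:
        if p["end"] > disk_sectors:
            problems.append(f"partition {p['index']} runs past the end of the disk")
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append(f"{len(active)} active partitions, expected exactly one")
    return problems


if __name__ == "__main__":
    parts, disk = parse_partition_table(MBAR_PARTITION_BLOCK)
    for lo, hi in unpartitioned_ranges(parts, disk):
        print(f"unpartitioned sectors {lo}-{hi - 1} ({hi - lo} sectors)")
    print("problems:", layout_problems(parts, disk) or "none")
```

On the table above the four entries are contiguous (each starts exactly where the previous one ends), only partition 0 is active, and the leading gap is sectors 1 to 2047, the same range MBAR names first in its "unpartitioned space" line.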
  5. I'm afraid my PC is very much immune to viruses and malware. Please help me wipe off all the viruses! I'm very much concerned as I do all my transactions and billings through the PC. Also my PC is a lot slower than before! Here's the log!
dds.txt =
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16839
Run by user at 0:38:22 on 2013-05-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.933 [GMT 5.5:30]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\mqsvc.exe
F:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\PROGRA~2\VIDEOD~2\bar\2.bin\4zbarsvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files
(x86)\VideoDownloadConverter_4z\bar\2.bin\4zbrmon.exe C:\Users\user\AppData\Roaming\jqi4j.exe C:\Users\user\AppData\Roaming\7cf6r.exe E:\devil may cry 4\DAEMON Tools Pro\DTShellHlp.exe C:\Windows\system32\svchost.exe -k imgsvc G:\AutoHotkey\Extras\Scripts\F1 Spam.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\user\AppData\Local\Temp\AppLaunch\Service.exe G:\Phantasm RO\Phantasm RO.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files (x86)\DAP\DAP.EXE C:\Windows\SysWOW64\mdm.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://tuvaro.com/ws/?source=8010b24e&tbp=homepage&toolbarid=base&u=1ed0c4e40000000000001c6f65524e48 mStart Page = hxxp://www.link2india.net?hp=IN-1000-23022013162126 uProxyOverride = 127.0.0.1:9421;<local> uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned> uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll uURLSearchHooks: {94366e2c-9923-431c-b0d6-747447dd0f2b} - <orphaned> uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zSrcAs.dll mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll mWinlogon: Userinit = userinit.exe, BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - 
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zbar.dll BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - BHO: tuvaro Helper Object: {5CB02877-EFBC-4317-B608-9E24B11BAB40} - BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: TBSB02381 Class: {77245F75-3D8C-40CD-8F64-F9AA1388406F} - C:\Program Files (x86)\TheChatPhone Toolbar\tbcore3.dll BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zSrcAs.dll BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: TheChatPhone Toolbar: {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files (x86)\TheChatPhone Toolbar\tbcore3.dll TB: BitTorrentBar Toolbar: 
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: TheChatPhone Toolbar: {01193D00-C7F9-4C26-92A2-1CA91F170068} - C:\Program Files (x86)\TheChatPhone Toolbar\tbcore3.dll TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\2.bin\4zbar.dll uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount uRun: [Akamai NetSession Interface] "C:\Users\user\AppData\Local\Akamai\netsession_win.exe" uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" uRun: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [bitTorrent] "E:\bit torrent\BitTorrent.exe" /MINIMIZED uRun: [DAEMON Tools Pro Agent] "E:\devil may cry 4\DAEMON Tools Pro\DTAgent.exe" -autorun uRun: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [FaUpdate] C:\Users\user\AppData\Roaming\Adobe814.exe uRun: [Windows Live Messenger] C:\Users\user\AppData\Roaming\winni.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE mRun: [wmime] C:\Program Files (x86)\HEM\wmime.exe /STARTUP mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [VideoDownloadConverter Search Scope 
Monitor] "C:\PROGRA~2\VIDEOD~2\bar\2.bin\4zsrchmn.exe" /m=2 /w /h mRun: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\2.bin\4zbrmon.exe StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:221 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} LSP: %SystemRoot%\system32\PrxerDrv.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: 
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{89E2313C-6D3D-4D6E-9D22-FEFBCC9AD4BA} : DHCPNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll AppInit_DLLs= c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll c:\progra~2\browse~1\sprote~1.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: UrlHelper Class: {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll x64-Run: [snpstd3] C:\Windows\vsnpstd3.exe x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll x64-SSODL: WebCheck - <orphaned> Hosts: 173.212.255.178 ad.garenanow.com . ============= SERVICES / DRIVERS =============== . 
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-27 283200] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136] R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-24 370688] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-15 2886528] R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\2.bin\4zbarsvc.exe [2013-1-19 42504] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-16 347680] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-8 418376] S2 MBAMService;MBAMService;G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-8 701512] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-5-22 580232] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-26 79680] S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-20 20552] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-8 25928] S3 nosGetPlusHelper;getPlus® Helper 
3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 27136] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-10-26 125416] S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-1-7 16392] S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-17 1255736] . =============== Created Last 30 ================ . 2013-05-22 14:33:09 -------- d-----w- C:\Program Files (x86)\ESET 2013-05-22 14:26:11 482304 --sh--w- C:\Users\user\AppData\Roaming\Adobe814.exe 2013-05-22 14:26:03 482304 --sh--w- C:\Users\user\AppData\Roaming\7cf6r.exe 2013-05-22 14:24:10 482304 --sh--w- C:\Users\user\AppData\Roaming\Adobe331.exe 2013-05-22 14:24:09 1169224 ----a-w- C:\Users\user\AppData\Roaming\D2AEB11IML.exe 2013-05-22 14:24:01 482304 --sh--w- C:\Users\user\AppData\Roaming\jqi4j.exe 2013-05-21 19:53:54 -------- d-----w- C:\Users\user\AppData\Roaming\Wise Game Booster 2013-05-21 19:53:18 -------- d-----w- C:\Program Files (x86)\tuvaro 2013-05-21 19:53:16 -------- d-----w- C:\Users\user\AppData\Roaming\tuvaro 2013-05-21 19:08:27 -------- d-----w- C:\Users\user\AppData\Roaming\Wise Care 365 2013-05-21 19:07:26 -------- d-----w- C:\Program Files (x86)\Wise 2013-05-21 18:28:40 -------- d-----w- C:\Users\user\AppData\Roaming\WinDefenders 2013-05-21 13:25:49 -------- d-----w- C:\Users\user\AppData\Roaming\FBpKz 2013-05-20 19:10:42 -------- d-sh--w- C:\Users\user\AppData\Roaming\msnmsg 2013-05-09 10:22:32 -------- d-----w- C:\Users\user\AppData\Roaming\Proxifier 2013-05-09 10:19:29 76392 ----a-w- C:\Windows\System32\PrxerDrv.dll 2013-05-09 10:19:29 70248 ----a-w- C:\Windows\SysWow64\PrxerDrv.dll 2013-05-09 10:19:29 57448 ----a-w- C:\Windows\System32\PrxerNsp.dll 2013-05-09 10:19:29 56424 ----a-w- C:\Windows\SysWow64\PrxerNsp.dll 2013-05-09 10:19:29 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL 2013-05-09 10:19:29 103016 ----a-w- C:\Windows\System32\ProxifierShellExt.dll 2013-05-09 10:19:28 
91240 ----a-w- C:\Windows\SysWow64\ProxifierShellExt.dll 2013-05-08 16:36:58 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes 2013-05-08 16:36:50 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-08 16:36:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-08 16:36:39 -------- d-----w- C:\Users\user\AppData\Local\Programs 2013-04-28 06:08:06 -------- d-sh--w- C:\Users\user\AppData\Local\ms-drivers 2013-04-28 06:07:57 -------- d-sh--w- C:\Users\user\AppData\Local\icsxml . ==================== Find3M ==================== . 2013-05-15 12:07:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 12:07:32 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ============= FINISH: 0:39:07.63 =============== attach.txt = . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/16/2011 4:17:05 PM System Uptime: 5/22/2013 2:37:19 PM (10 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA74GMT-S2 Processor: AMD Sempron 145 Processor | Socket M2 | 2800/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 78 GiB total, 14.641 GiB free. D: is CDROM () E: is FIXED (NTFS) - 129 GiB total, 90.116 GiB free. F: is FIXED (NTFS) - 129 GiB total, 105.803 GiB free. G: is FIXED (NTFS) - 129 GiB total, 81.174 GiB free. H: is CDROM () J: is CDROM (CDFS) K: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP383: 4/28/2013 1:47:29 AM - Scheduled Checkpoint RP384: 5/6/2013 6:36:05 PM - Scheduled Checkpoint RP385: 5/14/2013 3:03:30 PM - Scheduled Checkpoint RP386: 5/22/2013 12:52:20 AM - Removed Ask Toolbar. RP387: 5/22/2013 1:10:40 AM - Created by Wise Care 365 . ==== Installed Programs ====================== . 
1ClickDownloader
A3FlamezEpi5Server 1.00
Able2Extract 7.0
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
AnxietyRO v6.1 lite
Ask Toolbar
Assassin's Creed II
Assassins Creed Revelations 1.0
AutoHotkey 1.1.10.00
Batman: Arkham Asylum
BitTorrent
BitTorrentBar Toolbar
Browse2save
BrowseToSave 1.74
Conduit Engine
Coupon Printer for Windows
DAEMON Tools Pro
DAP Plug-in for 64 Bit IE
Diablo.III.Collectors.Edition
DotAlicious Gaming Client
Download Accelerator Plus (DAP)
Facebook Video Calling 1.2.0.287
ForceRO v1.3
Foxit Reader 5.1
free-downloads.net Toolbar
Garena 2010
Garena Plus
GOM Player
Google Chrome
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2510 series Basic Device Software
HP Update
ImagXpress
India and The World
James Bond 007 - Blood Stone
Java Auto Updater
Java 6 Update 31
jpg to pdf converter pro 4.0
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
MediaBar
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft DirectX SDK (June 2010)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
MySQL Server 5.1
neroxml
Neverlasting Ragnarok Online
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
Pando Media Booster
Phantasm RO
PhotoScape
Proxifier version 3.21
RaidCall
Realtek Ethernet Controller Driver For Windows 7
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Sandboxie 3.62 (64-bit)
SinAstrea Ragnarok Online Lite-Installer
Skype Click to Call
Skype™ 6.3
Sony PC Companion 2.10.079
swMSM
System Requirements Lab
Tally.ERP 9
TeamViewer 7
TeraCopy 2.22
TheChatPhone Toolbar
Tom Clancy's Splinter Cell Conviction
Tuvaro toolbar
Ubisoft Game Launcher
VideoDownloadConverter Toolbar
Virtual DJ Home - Atomix Productions
Warkeys 1.16.0.0b
WinRAR 4.00 beta 4 (32-bit)
WinRAR 4.00 beta 4 (64-bit)
Wise Care 365 version 2.45
Wise Game Booster 1.12
.
==== Event Viewer Messages From Past Week ========
.
5/23/2013 12:37:37 AM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
5/22/2013 6:50:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the defragsvc service.
5/22/2013 12:37:33 AM, Error: Service Control Manager [7030] - The Wise Boot Assistant service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/22/2013 10:19:22 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
5/22/2013 10:19:22 AM, Error: Service Control Manager [7000] - The Htsysm service failed to start due to the following error: The system cannot find the file specified.
5/20/2013 10:31:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
5/20/2013 10:31:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
  6. Hello, I have some problems with my PC and it seems to be working slower than before. There are also some unwanted programs which I'm unable to shut down through Task Manager. I have no idea what applications those are. Someone please help me with it. Are they some virus or malware? I use my PC for online transactions and paying bills and I'm much worried now about the safety. Please help me. Can someone suggest me a good antivirus which would make my computer virus-free? I'm sending a screenshot. If you need anything else about the PC please let me know! I have no idea what jqj4j.exe and 7cf6r.exe are and they don't seem to close at all.
